Dan Mahoney, System Admin
danm@prime.gushi.org
Wed Mar 1 21:32:43 UTC 2006
On Sun, 26 Feb 2006, Vernon Schryver wrote:

> http://www.fortinet.com/news/pr/2005/pr121305.html
> now says
>
> ]FortiMail 2.2 firmware adds the following to FortiMail systems:
> ]
> ]   * Enhanced Spam Detection: Includes the following email content
> ]     inspection features that bring antispam detection accuracy up
> ]     to 97 percent.
> ]       o Checksum Blocklist: Integrates with Fortinet's FortiGuard
> ]         Antispam Service, which inspects all content within an
> ]         email, including attachments and graphics, and applies a
> ]         checksum against the content to determine whether it is spam.
> ]       o Greylist: Checks "reply to," "from" and "IP" headers
> ]         for new email senders that FortiMail does not recognize
> ]         and delays response to suspicious email servers to determine
> ]         the legitimacy of the sender.
> ]       o Heuristics: Includes more than 600 rules that are indexed
> ]         by a heuristics filter to inspect and score all parts of
> ]         an email for spam characteristics.
> ]       o Spam URI Real-time Blocklist: Monitors Universal Resource
> ]         Identifiers (URIs) that are embedded in emails as another
> ]         content-based technique to detect spam.
>
> There are several ways to get those features, but only one I know
> involves streams of mostly valid but some malformed DCC/UDP/IP packets
> sent to the public DCC servers.

For some reason I find this shocking, but not surprising, if you can follow the difference. After all, a goodly number of other firewalls have done little more than take advantage of several opensource products (Linux, Snort) -- so it's no surprise that what's above could be DCC/SpamAssassin/Razor/Pyzor at all to me.

The thing that confuses me, and I ask this only from an interest point of view, not debate -- is why would the software deliberately send malformed packets? I.e. why make it more obvious they're bending the clearly stated rules?

Clearly these geniuses have read the license, and have decided somehow to circumvent it -- and my expectation is that if in fact you've done the PR-unfriendly thing and filed the appropriate cease and desists, you're not at liberty to discuss them anyway.

-Dan

--

"Your future hasn't been written yet; no one's has. So make it a good one!"

-"Doc" Emmet L. Browne, Back to the Future III

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the DCC mailing list