[syslog-ng] [SPAM] Introducing pdbtool patternize
Peter Gyongyosi
gyp at balabit.hu
Mon Jan 11 10:41:26 CET 2010
Spam detection software, running on the system "communigate1.eyssen.hu", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, As Márton has already written about it [1], lots of guys
here at BalaBit spent a lot of time last year creating a pattern database
for some 200+ often-used applications. Just like every manual process, this
was a tedious task which begged to be automated. Of course it cannot be fully
automated as no algorithm can replace an actual person understanding the
structure of the logs a piece of software produces (or even looking into the
source code to see how they're generated), but still, a tool that can detect
similar messages in a log database and generate a pattern database for it
would've been real handy. [...]
Content analysis details:   (7.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.4 HELO_EQ_HU             HELO_EQ_HU
 3.4 FH_DATE_PAST_20XX      The date is grossly in the future.
 0.1 TW_DB                  BODY: Odd Letter Triples with DB
 0.1 TW_PD                  BODY: Odd Letter Triples with PD
 2.4 HELO_MISMATCH_HU       HELO_MISMATCH_HU
-------------- next part --------------
An embedded message was scrubbed...
From: Peter Gyongyosi <gyp at balabit.hu>
Subject: [syslog-ng] Introducing pdbtool patternize
Date: Mon, 11 Jan 2010 10:41:26 +0100
Size: 5635
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100111/40b473b7/attachment.eml