What's new in jwSpamSpy

joewein.de

Software
jwSpamSpy
Spam
Virus emails
Blacklist details
Domain Blacklist

Links

Search

Contact

What's new in jwSpamSpy (2005-07-06)

Since the commercial release of jwSpamSpy at the end of May 2004, we have been updating our software on a regular basis. We rely on your feedback to make improvements to better serve your needs. The following page describes changes we have made and problems that have come to our attention.

Resize dialog, Netscape FP, AVAST (2005-07-06)
Support for SURBL backlist (2005-02-23)
Reduced false positives (Outlook Express) (2005-02-15)
Reduced false positives (Thunderbird, AspMail) (2005-01-23)
Problem with activating license key (2005-01-07)
Reduced false positives, virus filtering (2004-12-10)
More effective whitelisting (2004-10-31)
Keep those virus scanners happy ;-) (2004-10-06)
Extending the trial period (2004-09-27)
Performance, server name in About dialog (2004-09-09)
House cleaning on domain list (2004-08-04)
Filtering MyDoom worm (2004-07-26)
Outlook Express automatically closed during install (2004-07-03)
User interface: Doubleclick, Exit to Manual (2004-06-24)
Abuse contact database and dialog (2004-06-23)
Local mailbox host can be specified as a name (2004-06-13)
Spam with .cx-domains could hang jwSpamSpy (2004-06-07)
jwSpamSpy shows statistics of filter results (2004-06-01)
Ad-aware prevents jwSpamSpy from installing correctly (2004-05-28)

Resize dialog, Netscape FP, AVAST (2005-07-06)
The user interface of jwSpamSpy has been renovated:

The main dialog of the program is now resizable and can be maximized, making viewing the spam list easier.
All buttons in the main dialog now have tool tips.
Three of the main functions, Pickup Mail, Preview Filtering and Delete Spam are now available as buttons.
In the blacklist and whitelist dialogs, the "Add" button is now the default button, instead of the Cancel button, so you can type addresses and domains followed by Enter to keep adding.
A "Restart" menu item in the system tray dialog allows you to restart the spamfilter without having to reboot the machines, which is convenient for activating updates that have been downloaded.
An "Open mail folder" menu item in the system tray dialog allows you to access folders used by the spam filter, such as the "clean" folder for recovering from false positive reports.
During future updates a copy of the current software version will be saved as a backup before the new version is installed, making a version "roll back" possible.

During March and April we reduced the scores for various spam markers in oder to reduce false positives (innocent emails flagged as suspect). As a side effect, more actual spam was only flagged as suspect instead of being filtered outright. The latest version will catch more of these spams again. We also specifically targetted "phishing scams", which should be detected more consistently now.

In Outlook Express and Outlook you can drag attached emails to a mail filder. This makes rrestoring mails flagged as suspect and delivered as attachments very easy. In Netscape and Mozilla Thunderbird this is not possible. You can only save the attachment as a file. Build 1.00.050706 provides one "magic" folder per email account to handle this. Any email saved to a folder called "clean" will be delivered to the inbox without any filtering. It arrives as a fresh mail, as if it had only just arrived from the outside. In a future version we may auto-whitelist the senders of all mails found in this folder, to help you keep such mails unflagged with minimal effort.

We updated our virus scanner so that it would not longer raise a false alarm from the AVAST virus scanner. That means that AVAST and jwSpamSpy will now happily coexist on the same machine (thanks to AVAST's helpful technical support!).

A bug that sometimes prevented manual entry of license keys via cut and paste on some machines was fixed.

Support for SURBL backlist (2005-02-23)
Starting from this version, jwSpamSpy queries the SURBL domain block list. This allows jwSpamSpy to catch more spam. At the same time we have reduced the scores of several spam tests that sometimes produce false positives. The combination of these two changes should ensure that more spam is caught and at the same time fewer valid mails will be flagged as suspicious.

We are aware of a conflict between PC-Cillin 2005 and its "Incoming (real-time) POP3 Scanning" feature and jwSpamSpy. You can disable the POP3 scanning in PC-Cillin 2005, as jwSpamSpy will also catch those virus emails.

Reduced false positives (Outlook Express) (2005-02-15)
Prior to this version, a mail sent via Outlook Express from a non-whitelisted sender could sometimes be flagged as suspicious. This happened when the sender kept Outlook Express runing for a long time, without ever closing the application or rebooting Windows.

Reduced false positives: Thunderbird, AspMail (2005-01-23)

Changes:

Before this update any double click on the system tray icon switched jwSpamSpy into manual mode. Now it pops up the manual dialog, but if you exit this it reverts to whatever mode it was in before. We changed this because of comments by customers who found the previous behaviour confusing.

This update prevents certain mails sent via Mozilla Thunderbird or Microsoft's AspMail from being treated as suspect. The latter problem affected United States Postal Service Delivery Confirmations. The emails were not blocked outright by our filter, but were turned into attachments to notification messages, from which they had to be retrieved by dragging them to the Inbox.

This update reduces the score at which emails from certain well known mailer programs are treated as suspect.

A problem was fixed that could lead to unjustified blacklisting of Turks and Caicos Islands (.tc) and Western Samoa (.ws) domains.

Problem with activating license key (2005-01-07)

We fixed a problem with the evaluation version that would not accept valid license keys starting from January 1, 2005. Versions downloaded before that data need to be updated before the key can be activated. The necessary instructions are contained in the notification mail automatically sent to customers who purchase a license. Versions downloaded from January 7 do not have this problems.

Reduced false positives, virus filtering (2004-12-10)
In a number of cases where previous version report legitimate mails as possible spam, jwSpamSpy no longer raises objections. This includes certain emails sent with Outlook Express with very short messages and HTML enabled, similar emails sent using IncrediMail and some FireFox emails.

Virus filtering has been updated so that certain newer variants of viruses are recognized and filtered or at least flagged as suspicious if executable or archive files are attached and certain conditions are met.

The auto-update is now a one-click operation, as the path prompt in the update archive file has been disabled. The update file is always unpacked into a folder beneath the program folder. There is now an option to not prompt for updates, for systems that boot up without anyone attending the console. With this option enabled, future updates will be automatically installed when the system boots up.

More effective whitelisting (2004-10-31)
Whitelisting a sender prevented an email from that sender from being blocked completely, but it could still be marked as suspicious. Starting from version 1.00.041031 mails from such senders will never be flagged as suspicious.

Note that as before mail from whitelisted sender addresses is stopped is if the mail contains a virus, since virtually all viruses use fake sender addresses, making the sender address check meaningless in that case.

When we extended the evaluation period from 14 days to 30 days, the warning that the trial period had expired still came up after 14 days. However, the filter only deactivated after the full 30 day trial period, as intended. We apologize for the confusion this may have caused.

Keep those virus scanners happy ;-) (2004-10-06)
Several of our trial customers refrained from installing their product after their existing virus scanner complained. This was a false alarm, we're happy to report. The scanners raised a false alarm simply because the jwSpamSpy installer included some known text messages from common viruses. We look for these messages to shield email users from pointless non-delivery notifications which are sent when their addresses are abused as fake sender addresses by email viruses such as Netsky, Bagle, etc. To avoid this problem the virus signature file in jwSpamSpy has been moved from self-extracting installer to our website. Other fixes and features:

As promised, the latest build of jwSpamSpy (2004-10-05) extends the trial period to 30 days.

A problem has been fixed where under Windows 95/98/SE in manual mode the menu would become unusable after one command (Delete / Preview / Pickup) had executed. Closing the dialog and reopening, the previous workaround, is now no longer necessary. Note that we do not routinely test the product under Windows 95/98/SE, but if you experience any problems, please report them and we'll try to fix them.

We fixed a bug where parts of blacklists and whitelists could be lost if an entry was added via cut and paste and the pasted email address or domain name included a trailing newline character or consisted of more than one line.

Separate menu item for blacklisting 419 senders.

Improved 'phishing' scam detection.

Improved whitelisting by subject tag string.

Better recognition of some Bagle virus variants.

Added filtering for more types of virus warning spam.

Improved pickup performance on very busy mailboxes.

Fixed false positive bug in Outlook Express mail checking.

Better detection of forwarded 419 scams.

Improved handling of country subdomains under .st TLD use by child pornography spams.

Extending the trial period (2004-09-27)
The next build of jwSpamSpy will have a 30 day trial period instead of the current 14 day period. This will give users more time to evaluate the product before making a choice about buying a license for the full product.

We have identified a problem with jwSpamSpy running on Windows 95/98. After picking up mail or deleting spam from the main dialog, the menus stop responding. You have to close the dialog and reopen it to issue more command. We are working on making a fix available.

Performance, server name in About dialog (2004-09-09)
The September 9, 2004 version includes several performance enhancements. Emails are now downloaded in parallel with email checking (multi-threading).

For concenience, the host name or IP address under which the email program can reach the local mail server (i.e. jwSpamSpy) is now displayed in the About jwSpamSpy dialog. Previously this name was only displayed during setup and when adding mailboxes in jwSpamSpy.

A problem that could sometimes cause the filter to get stuck while checking new mail has been fixed.

While a backup copy is normally made of all mails categorized as spam (no mail is entirely discarded), this by default is no longer the case for those mails that received the maximum spam rating. This should reduce disk space usage without sacrificing safety.

House cleaning on domain list (2004-08-04)
Today we removed all domains from the local domain blacklist (dom-bl.txt) that were added before January 5, 2004. The primary objective was to remove some "false positives", i.e. domains that were not spam domains but had gotten onto the list. In December 2003, we settled on our current procedure for determining whether a domain should be listed or not. We have had a small number of false positves amongst entries added to the list more than a year ago. By discarding older entries we minimize the chance of valid mail being blocked. Our data set now feeds into surbl.org (Spam URI Realtime Blocklists), a public URL blocklist using a DNS server.

Filtering MyDoom worm (2004-07-26)
Starting with build 1.00.040703, jwSpamSpy filters the MyDoom.M / MyDoom.M virus. These viruses were not recognized by earlier versions of the software.

This version also fixes a problem with invalid evaluation period expiry dates, that were produced when an evaluation version was installed on certain dates.

Outlook Express automatically closed during install (2004-07-03)
Starting with build 1.00.040726, jwSpamSpy automatically closes Outlook Express during its installation. This prevents a potential problem that occurred on earlier versions. jwSpamSpy can automatically import email account settings from Outlook Express and change its settings so it will pick up mail from the local mailbox filtered by jwSpamSpy. However, if the Outlook Express main window or any email windows were left open while jwSpamSpy was being installed, Outlook Express would not become aware of the changes made to its settings until it was closed and restarted. As a result, it would not see new mails that were downloaded by jwSpamSpy.

User interface: Doubleclick, Exit to Manual (2004-06-24)
Starting with build 1.00.040624, you can invoke the main dialog of jwSpamSpy with a doubleclick of the left mouse button on the system tray icon, instead of first having to invoke the context menu of the tray icon with a right click and then selecting Manual Mode.

When you invoke the main dialog either way, you will enter Manual Mode, i.e. periodic checking for email gets suspended. To close the main dialog and re-activate Automatic Mode so that new mails get filtered every couple of minutes there is now a shortcut command in the menu of the main dialog: "jwSpamSpy | Exit to Automatic".

We hope you'll enjoy these enhancements :-)

Abuse contact database and dialog (2004-06-23)
Starting with build 1.00.040623, jwSpamSpy lets you quickly determine who to contact for spam or viruses originating from a given IP address. "Tools | Lookup abuse contact..." opens a dialog with a field into which you can type or paste the IP address. It fills in two fields with the email address or website URL for reporting abuse incidents to the company that owns the IP addresses. You can paste the reponse into your email program to quickly and easily report incidents. Our database covers major ISPs in the USA, Canada, Europe, Australia and Japan from which we received viruses in recent months.

Local mailbox host can be specified as a name (2004-06-13)
When you install jwSpamSpy, you can specify the machine from which email clients will pick up filtered mail. Normally this is the IP address 127.0.0.1, a value that always refers to the local machine ("localhost"). However, if you want to run the filter and the mail programm on different machines, you needed to specify a fixed IP address, such as 192.168.200.100. This was fine if a fixed IP value was explicitly assigned in the TCP/IP-settings, but would not work if the machine used a dynamically assigned address (DHCP). Starting with build 1.00.040613, the jwSpamSpy Setup program also supports specifying machine names such as DellPentium4 for the jwSpamSpy host. The mail application can then use the machine name as the mail server from which it picks up mail. This allows jwSpamSpy to run on a separate server which uses a DHCP-assigned IP address.

Workaround for cppop quirk (2004-06-13)
In some cases jwSpamSpy could not retrieve mails from mail servers running cppop, which returned incorrect message sizes when queried about pending mails. Starting with build 1.00.040613, jwSpamSpy is compatible with this mail server.

Spam with .cx-domains could hang jwSpamSpy (2004-06-07)
Problem: Spam emails advertising domains registered on the Christmas Islands (ccTLD .cx) can hang jwSpamSpy.
Explanation: The domain registry for .cx domains does not have a working WHOIS-server. When jwSpamSpy tries to query the server, it can get stuck.
Symptoms: No new mails delivered. jwSpamSpy manual mode dialog will not come up. In Windows 2000 or XP, if you use Ctrl+Alt-Del to bring up the task manager, you will see "jwSpamSpy.exe" in the list of processes indefinitely.
Workaround/Fix: If jwSpamSpy gets stuck, use Ctrl+Alt-Del, then "T" to invoke the Task Manager. Click the "Processes" tab. Click on "jwSpamSpy.exe" in the list of processes, then "End Process", confirm "Yes". Browse to the jwSpamSpy application folder, usually C:\Program Files\JoeWein\SpamSpy. Open the bl folder. Create a new text file in it (right mouse click, "New", "Text document") and name it "whois-hosts.txt". Open it and add the following line to it:

cx;null

The latest build, jwSpamSpy 1.00.040607 (June 7, 2004) fixed this problem by no longer querying a whois-server for .cx domains and by better handling time-outs from failed whois-queries.

jwSpamSpy shows statistics of filter results (2004-06-01)
The "About jwSpamSpy" dialog now shows how many mails have been checked and what percentage was spam, non-spam or viruses:

Ad-aware prevents jwSpamSpy from installing correctly (2004-05-28)
Problem:Ad-aware 6, a spyware detector by Lavasoft, can prevent jwSpamSpy from installing correctly as it prevents our install program from making the necessary changes to the Windows registry.
Symptom: When you start your computer, the jwSpamspy icon does not appear in the system tray and your email application can not check the local POP mailboxes until you manually launch jwSpamStartup.exe from the jwSpamSpy application folder, usuall C:\Program Files\JoeWein\SpamSpy.
Solution: Turn off Ad-aware before installing jwSpamSpy. You may reenable it once you've completed the jwSpamSpy setup. Should you wish to uninstall jwSpamSpy for any reason, you will also need to temporarily disable Ad-aware.

Links:
jwSpamSpy - spam and virus filter for POP3 mailboxes
ReadMe notes for jwSpamSpy
Frequently Asked Questions (FAQ) for jwSpamSpy