You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Martin Hepworth <ma...@solid-state-logic.com> on 2005/05/16 11:01:56 UTC
more obsfucated url tricks
Hi all
Using SA 3.0.3 with most of the SARE rules, pyzor, all the SURBL.org
URI-RBLS etc etc along with a few extras.
We got alot lof spam this weekend where the URL was interestingly
obsfucated. here's an example or two..
<a
href=http://gi-19.r6xmf38p75f2pm6mk57lfww7r.l-31.h-13.i-25.positionside.net/icey/?j=gvq0a776b7c7e7378loy&s=g724a7d7976736e3tu&v=xh77d7e6b7e6f3776yx&r=osh7971736d386d7977xj&l=ojko>Click
here to claim your ice cream gift certificate</a><br>
<a
href="http://ab-7.c-19.c-13.f-25.2yst3lgdfj3cdtyt7jfa366f2.positionfemale.net/walm/?pl=gmx0a776b7c7e7km&z=vl378724a7d797r&po=rx6736e377d7e6lp&oy=onvb7e6f3776797m&m=k1736d386d7977nik&m=yqm">Please
Click
Here</a>
Any ideas, part from wait till 3.1 :-)
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: {Spam?} more obsfucated url tricks
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Raymond Dijkxhoorn wrote:
> Hi!
>
>> Using SA 3.0.3 with most of the SARE rules, pyzor, all the SURBL.org
>> URI-RBLS etc etc along with a few extras.
>>
>> We got alot lof spam this weekend where the URL was interestingly
>> obsfucated. here's an example or two..
>
>
> X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (score=13.459,
> required 5, RAZOR2_CF_RANGE_51_100 1.48, RAZOR2_CHECK 0.15,
> URIBL_AH_DNSBL 1.50, URIBL_JP_SURBL 3.90, URIBL_OB_SURBL 2.00,
> URIBL_SBL 3.90, URIBL_WS_SURBL 0.54)
>
> Pickup the latest CVS and its allready picking them up...
>
> Bye,
> Raymond.
Don't want to run bleeding edge stuff! (well OK not SA bleeding edge, I
have enough with running MailScanner Beta's)
Anyway a quick of today reveals they are being picked buy the
URI-RBL's. Just had to wait for them to catch up...
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: {Spam?} more obsfucated url tricks
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!
> Using SA 3.0.3 with most of the SARE rules, pyzor, all the SURBL.org URI-RBLS
> etc etc along with a few extras.
>
> We got alot lof spam this weekend where the URL was interestingly obsfucated.
> here's an example or two..
X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (score=13.459,
required 5, RAZOR2_CF_RANGE_51_100 1.48, RAZOR2_CHECK 0.15,
URIBL_AH_DNSBL 1.50, URIBL_JP_SURBL 3.90, URIBL_OB_SURBL 2.00,
URIBL_SBL 3.90, URIBL_WS_SURBL 0.54)
Pickup the latest CVS and its allready picking them up...
Bye,
Raymond.