You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mike Kenny <in...@gmail.com> on 2007/01/29 13:27:04 UTC
What are the CHICKENPOX tests meant to trap
The subject may be sufficient. I have a file in my /etc/mail/spamassassin
directory named 88_chickenpox. It seems to be checking for various sequence
of a number of alpha followed by a punctuation character followed by a
number of alpha. Any mail wit ha base64 encoded attachment appears to
trigger on many of the CHICKENPOX rules. I believe I should disable these
tests, but as I don't know what they are meant to be trapping I am a little
bit concerned. Anybody familiar with these tests?
Mike
Re: What are the CHICKENPOX tests meant to trap
Posted by Mike Kenny <in...@gmail.com>.
On 1/29/07, Nick Leverton <nj...@leverton.org> wrote:
>
> They were intended to detect obfuscated spams, but I think they're not
> really needed now that SA includes 20_drugs.cf and the ReplaceTags plugin.
> As you say they did FP quite often on base64, on program code, and even on
> ham from people who just punctuate oddly. I deleted the chickenpox
> ruleset when I upgraded to SA 3.1 anyway.
>
> Nick
>
Thanks Nick, I think I will do the same
Re: What are the CHICKENPOX tests meant to trap
Posted by Nick Leverton <nj...@leverton.org>.
On Monday 29 January 2007 12:27, Mike Kenny wrote:
> The subject may be sufficient. I have a file in my
> /etc/mail/spamassassin directory named 88_chickenpox. It seems to be
> checking for various sequence of a number of alpha followed by a
> punctuation character followed by a number of alpha. Any mail wit ha
> base64 encoded attachment appears to trigger on many of the CHICKENPOX
> rules. I believe I should disable these tests, but as I don't know what
> they are meant to be trapping I am a little bit concerned. Anybody
> familiar with these tests?
They were intended to detect obfuscated spams, but I think they're not
really needed now that SA includes 20_drugs.cf and the ReplaceTags plugin.
As you say they did FP quite often on base64, on program code, and even on
ham from people who just punctuate oddly. I deleted the chickenpox
ruleset when I upgraded to SA 3.1 anyway.
Nick