You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Dan Simmons <dn...@gmail.com> on 2005/04/26 02:07:19 UTC
Does anyone have a rule to get rid of these types of messages
------------=_010402050705060707060009
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
------------=_010402050705060707060009
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit
------------=_010402050705060707060009--
<HTML><HEAD>
</HEAD>
<BODY>
<FONT SIZE=2></FONT><DIV align=left>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TR vAlign=bottom>
<TD rowSpan=2 bgcolor="#adff2f">
<FONT face=Verdana size=3>
Sa</FONT></TD>
<TD bgcolor="#adff2f"><FONT></FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana size=3>p
To 95</FONT></TD>
<TD bgcolor="#adff2f"><STRONG></STRONG></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3> OF</FONT></TD>
<TD bgcolor="#adff2f"><FONT SIZE=1></FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3> Reta <font></font>
</FONT></TD>
<TD bgcolor="#adff2f"><STRONG></STRONG></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3>il Pri </FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana size=3> ces With
ED-D</FONT></TD>
<TD bgcolor="#adff2f"><FONT SIZE=2></FONT></TD>
<TR>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>ve U</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>%</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>F</FONT></TD>
<TD bgcolor="#adff2f"><FONT SIZE=2></FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>rugs!
</TD></TR></TABLE></DIV></FONT>
<DIV align=left>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TR vAlign=bottom>
<TD rowSpan=2 bgcolor="antiquewhite">
<FONT face=Verdana size=3
color="#0000ff"> VI</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite">
<FONT face=Verdana size=3 color="#0000ff">RA, </FONT>
<FONT face=Verdana size=3 color="#2e8b57"> CI</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#2e8b57">S, </FONT>
<FONT face=Verdana size=3 color="#2f4f4f"> LE</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#2f4f4f">RA, </FONT>
<FONT face=Verdana size=3 color="#4b0082"> UL</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite">
<FONT face=Verdana size=3 color="#4b0082">AM</FONT></TD>
<TD rowSpan=2 bgcolor="antiquewhite">
<FONT face=Verdana size=3 color="#708090">, SO</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TR>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#0000ff">AG</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#2e8b57">ALI</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#2f4f4f">VIT</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#4b0082">TR</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3
color="#696969">MA </FONT></TD>
</TR></TABLE></DIV>
<DIV align=left>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TR vAlign=bottom>
<TD rowSpan=2 bgcolor="antiquewhite">
<P><FONT face=Verdana
size=3> $1.</FONT></P></TD>
<TD bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite">
<FONT face=Verdana
size=3> <STRONG></STRONG>$1.</FONT></TD>
<TD bgcolor="antiquewhite"> <FONT SIZE=2></FONT></TD>
<TD rowSpan=2 bgcolor="antiquewhite"><FONT
face=Verdana size=3> $1.</FONT></TD>
<TD bgcolor="antiquewhite"> <STRONG></STRONG></TD>
<TD rowSpan=2 bgcolor="antiquewhite"><FONT face=Verdana
size=3> $1.</FONT></TD>
<TD bgcolor="antiquewhite"> <font></font></TD>
<TD rowSpan=2 bgcolor="antiquewhite"> </TD>
<TD rowSpan=2 bgcolor="antiquewhite"><FONT SIZE=1></FONT><FONT
face=Verdana size=3> $1.</FONT></TD>
<TD bgcolor="antiquewhite"> </TD>
<TR>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3>15</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3>77</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3>11</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana size=3>27</FONT></TD>
<TD bgcolor="antiquewhite"><FONT face=Verdana
size=3>88 <FONT></FONT> </FONT>
</TD></TR></TABLE></DIV>
<DIV align=left>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TR vAlign=bottom>
<TD rowSpan=2 bgcolor="#adff2f">
<FONT color=black><FONT size=2><FONT face=Verdana
size=3> To</FONT></TD>
<TD bgcolor="#adff2f"> </TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3> Spe</FONT></TD>
<TD bgcolor="#adff2f"><FONT SIZE=1></FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3>: Via</FONT></TD>
<TD bgcolor="#adff2f"><FONT></FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana size=3>
30x100m</FONT></TD>
<TD bgcolor="#adff2f"><STRONG></STRONG></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana size=3>ls on</FONT></TD>
<TD rowSpan=2 bgcolor="#adff2f"><FONT face=Verdana
size=3>ly $59.<STRONG></STRONG></FONT></TD>
<TD bgcolor="#adff2f"><STRONG></STRONG></TD>
<TR>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>day</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>cial</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>gra</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana size=3>g pil</FONT></TD>
<TD bgcolor="#adff2f"><FONT face=Verdana
size=3>95 <STRONG></STRONG> </FONT>
</TD></TR></TABLE></FONT></DIV>
<DIV align=left> </DIV>
<DIV align=left><FONT face=Verdana size=3><A
href="http://ukbyfzovkfmz.net&saaplurfngdush5utq4x%2Erancejknfl%2Ecom/">C8lick
her9e for our pi1ll of the day s5pecial!
<font></font></A></FONT></DIV><br><br><FONT></FONT><br>
<DIV align=left><FONT face=Arial size=1>strong, and Alan began to
suffer in proportion. From Prestonpans he<br>repeat his words; you
have not forgotten yourself, I hope?<br>her newspaper in her hand, and
said, out of breath, My goodness</FONT> </DIV>
</BODY></HTML>
Re: Does anyone have a rule to get rid of these types of messages
Posted by Matt Kettler <mk...@evi-inc.com>.
Dan Simmons wrote:
<deleted spam>
SURBL, and Razor 2 truly tore this message up on my system. All based on
a URI being present.
(score=9.931, required 5, BAYES_01 -1.52, HTML_70_80 0.10,
HTML_FONTCOLOR_BLUE 0.10, HTML_FONTCOLOR_UNKNOWN 0.10,
HTML_FONTCOLOR_UNSAFE 0.10, HTML_MESSAGE 0.10, HTTP_ESCAPED_HOST
1.51, INFO_GREYLIST_NOTDELAYED -0.00, JP_URI_RBL 1.00, OB_URI_RBL
2.10, RAZOR2_CF_RANGE_51_100 0.20, RAZOR2_CHECK 1.05, SPAMCOP_URI_RBL
3.00, WS_URI_RBL 2.10)
So it hit all of the following:
Razor2 (e8 based URI check)
spamcop URI
WS URI
JP URI
OB URI
It's also one of the latest "HTML table obfuscation" spams, which you
might want to try this rule from the thread "Tables obscuring words"
circa 4/8/2005 on this list:
This variant posted by Jesse Houwing from SARE:
rawbody TABLEOBFU
/<td([^>]|"[^"]*"|'[^']*')*>(<([^>]|"[^"]*"|'[^']*')*>)*[a-z]{1,2}(<([^>]|"[^"]*"|'[^']*')*>)*<\/td([^>]|"[^"]*"|'[^']*')*>/i
score TABLEOBFU 2
I don't have this rule on my system, so regard the above as untested.
Also see the thread "Extra Sare Rules for meds?" circa 4/6/2005 on this list
Re: [SPAM-TAG] Does anyone have a rule to get rid of these types of messages
Posted by Jeff Chan <je...@surbl.org>.
SURBLs will catch these because of:
> href="http://ukbyfzovkfmz.net&saaplurfngdush5utq4x%2Erancejknfl%2Ecom/">C8lick
> her9e for our pi1ll of the day s5pecial!
http://www.surbl.org/
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/