You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2005/02/27 17:21:31 UTC

Re: Obfuscation

I had a trick I was using in Exim that worked pretty well and cound be 
recoded in perl.

First - I had a list of words spelled correctly that spammers often 
deliberately misspell.

What I did was take the subject and the first 200 characters of the 
body. Then I removed all the words matching the list that were spelled 
correctly. Then I translated letters used to objuscate into the letters 
that they were faking and I removed all characters that we junk spacing 
characters. This process "corrected" the spelling of the ofuscated 
words. I then compared the strings to my original list and if I found a 
word it was because it was deliberately misspelled.

Kenneth Porter wrote:

> --On Thursday, February 24, 2005 6:07 PM -0500 Phil Barnett 
> <ph...@philb.us> wrote:
>
>> i or l = [|ííiil1]
>>
>> a = [aã@]
>>
>> e = [eé3]
>>
>> o = [o0]
>
>
> It seems like this is getting overly-complicated. Are there any 
> libraries for doing fuzzy string matching and obfuscation detection 
> that could be used instead of Perl regex's?
>

-- 
Marc Perkel - marc@perkel.com

Spam Filter: http://www.junkemailfilter.com
    My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~