You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Frank Tore Johansen <fr...@osc.no> on 2004/02/13 10:12:20 UTC

I'm getting tired of these...

Has anyone already made a rule for these? (See attachments for 
two spam-samples)

Excerp from one (btw, how can you safely whitelist emails on this
mailing list?  Has such rules ever been abused?)

  Plus: P@xi`l, Bu'sp@r, Ad|p.&x, I0nam.|n, M3ridi'a, X.3nica|, Am`bi3n,
  S0n'aTa, Fl3xe'ril, Ce|3b:rex, F`i0ric3t, Tram@do:|, U, L3v`|tra,
  P:r0p3cia, Acyc|0vi'r, Pr0.z@c

-Frank.

Re: I'm getting tired of these...

Posted by Martin Hepworth <ma...@solid-state-logic.com>.

Frank Tore Johansen wrote:
> Has anyone already made a rule for these? (See attachments for 
> two spam-samples)
> 
> Excerp from one (btw, how can you safely whitelist emails on this
> mailing list?  Has such rules ever been abused?)
> 
>   Plus: P@xi`l, Bu'sp@r, Ad|p.&x, I0nam.|n, M3ridi'a, X.3nica|, Am`bi3n,
>   S0n'aTa, Fl3xe'ril, Ce|3b:rex, F`i0ric3t, Tram@do:|, U, L3v`|tra,
>   P:r0p3cia, Acyc|0vi'r, Pr0.z@c
> 
> -Frank.
> 
> 

Frank


scored over 10 on my system..
(score=10.804,	required 5, BIZ_TLD 0.10, HTML_MESSAGE 0.10, 
J_CHICKENPOX_12 0.60,	J_CHICKENPOX_22 0.60, J_CHICKENPOX_71 0.60, 
LOCAL_OBFU_VGR 1.80,	OACYS_CONS_6 1.00, OACYS_DISGUISED_P0RN 6.00, 
RM_rb_BODY 0.00,	RM_rb_HTML 0.00, RM_rb_PARA 0.00, RM_rb_TITLE 0.00)

running SA 2.63 with most of the rules from Chris's rules emporiam.


-- 
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

Re: I'm getting tired of these...

Posted by Chris Thielen <cm...@someone.dhs.org>.

Frank,

Frank Tore Johansen said:
>
> Has anyone already made a rule for these? (See attachments for
> two spam-samples)

Try these generated rules from the CMOScript CGI:
http://sandgnat.com/cmos/cmos.jsp?words=phentermin+viagra+valium+paxil+buspar+adipex+ionamin+meridia+xenical+ambien+sonata+flexeril+celebrex+fioricet+tramadol+levitra+propecia+acyclovir+prozac+ultram+ativan+soma

I haven't tested this particular set for false positives, so it might be
prudent to do so yourself.

>
> Excerp from one (btw, how can you safely whitelist emails on this
> mailing list?  Has such rules ever been abused?)

use whitelist_from_rcvd instead of whitelist_from, methinks (I personally
skip checking posts to this list using procmail based on List-ID header)


--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases
(0BFU$C/\TED SPA/\/\ P|-|RA$ES):
http://www.sandgnat.com/cmos/