You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2009/04/11 19:07:48 UTC
20_sought.cf problems?
Justin:
In digging around to see what's up with the SARE sa-update failing at my
site I took a peek in the yerp.org subdirectory, and was somewhat
surprised to see:
root@ga /var/lib/spamassassin/3.002005/sought_rules_yerp_org # ll
total 388
-rw-r--r-- 1 root root 114 Apr 11 04:08 20_sought.cf
-rw-r--r-- 1 root root 382812 Apr 11 04:08 20_sought_fraud.cf
-rw-r--r-- 1 root root 29 Apr 11 04:08 MIRRORED.BY
All that's in 20_sought.cf is:
meta JM_SOUGHT_1 (0)
score JM_SOUGHT_1 0
describe JM_SOUGHT_1 Body contains frequently-spammed text patterns
Is the 20_sought bot busted?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An entitlement beneficiary is a person or special interest group
who didn't earn your money, but demands the right to take your
money because they *want* it. -- John McKay, _The Welfare State:
No Mercy for the Middle Class_
-----------------------------------------------------------------------
2 days until Thomas Jefferson's 266th Birthday
Re: 20_sought.cf problems?
Posted by Justin Mason <jm...@jmason.org>.
yep!
2009/4/13 Karsten Bräckelmann <gu...@rudersport.de>:
> On Mon, 2009-04-13 at 01:43 +0100, Ned Slider wrote:
>> Thanks Jason - looks like these are back in business now :)
>
> They are indeed... :)
>
>> This rule made me chuckle though, not sure how many hits I'll get on it:
>>
>> body __SEEK_JRZRF8 /Dear jmason\@users\.sourceforge\.net,/
>
> Nice catch, Nider. ;) Something missed by the sanitizer?
>
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
>
>
Re: 20_sought.cf problems?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2009-04-13 at 01:43 +0100, Ned Slider wrote:
> Thanks Jason - looks like these are back in business now :)
They are indeed... :)
> This rule made me chuckle though, not sure how many hits I'll get on it:
>
> body __SEEK_JRZRF8 /Dear jmason\@users\.sourceforge\.net,/
Nice catch, Nider. ;) Something missed by the sanitizer?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: 20_sought.cf problems?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
> > > Thanks Jason
>
> Oops - My apologies to Justin :)
So you didn't get the Nider? ;-)
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: 20_sought.cf problems?
Posted by Ned Slider <ne...@unixmail.co.uk>.
mouss wrote:
> Ned Slider a écrit :
>> Justin Mason wrote:
>>> oops. I need to classify more spam/ham :(
>>>
>>> --j.
>>>
>> Thanks Jason
>
>
> Jason? is that a contraction of Justin and mASON? :)
>
>> [snip]
>
Oops - My apologies to Justin :)
Re: 20_sought.cf problems?
Posted by mouss <mo...@ml.netoyen.net>.
Ned Slider a écrit :
> Justin Mason wrote:
>> oops. I need to classify more spam/ham :(
>>
>> --j.
>>
>
> Thanks Jason
Jason? is that a contraction of Justin and mASON? :)
>[snip]
Re: 20_sought.cf problems?
Posted by Ned Slider <ne...@unixmail.co.uk>.
Justin Mason wrote:
> oops. I need to classify more spam/ham :(
>
> --j.
>
Thanks Jason - looks like these are back in business now :)
This rule made me chuckle though, not sure how many hits I'll get on it:
body __SEEK_JRZRF8 /Dear jmason\@users\.sourceforge\.net,/
:-D
Re: 20_sought.cf problems?
Posted by Justin Mason <jm...@jmason.org>.
oops. I need to classify more spam/ham :(
--j.
On Sat, Apr 11, 2009 at 18:07, John Hardin <jh...@impsec.org> wrote:
> Justin:
>
> In digging around to see what's up with the SARE sa-update failing at my
> site I took a peek in the yerp.org subdirectory, and was somewhat surprised
> to see:
>
> root@ga /var/lib/spamassassin/3.002005/sought_rules_yerp_org # ll
> total 388
> -rw-r--r-- 1 root root 114 Apr 11 04:08 20_sought.cf
> -rw-r--r-- 1 root root 382812 Apr 11 04:08 20_sought_fraud.cf
> -rw-r--r-- 1 root root 29 Apr 11 04:08 MIRRORED.BY
>
> All that's in 20_sought.cf is:
>
> meta JM_SOUGHT_1 (0)
> score JM_SOUGHT_1 0
> describe JM_SOUGHT_1 Body contains frequently-spammed text patterns
>
> Is the 20_sought bot busted?
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> An entitlement beneficiary is a person or special interest group
> who didn't earn your money, but demands the right to take your
> money because they *want* it. -- John McKay, _The Welfare State:
> No Mercy for the Middle Class_
> -----------------------------------------------------------------------
> 2 days until Thomas Jefferson's 266th Birthday
>
>