You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Martin Hepworth <ma...@solid-state-logic.com> on 2005/05/27 12:52:25 UTC
problem with split line URL's
Hi
I've been attempting to get the split line URL rule working - this one..
rawbody __LW_URI_CR1 /href=\"[^"]*\r[^\n]/is
full __LW_URI_CR2 /href=\"[^"]*\r[^\n]/is
meta LW_URI_CR __LW_URI_CR1 || __LW_URI_CR2
score LW_URI_CR 2
describe LW_URI_CR unescaped cr in uri
I get quite a few spams that have this kind of URL within them..
<A href="h
ttp:/
/bnonfotphbjf.org&leuhpma0tq75u076lha%2Eul
liful
l8%2Ecom/">
Which dont seem to trigger the above rule. Any ideas?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Martin
Ta - I'll try that. I've submitted the full example for Loren and Bob to
try their spam-jitsu on so we'll see how both ways go.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
martin smith wrote:
> -----Original Message-----
> M>From: Martin Hepworth
> M>Sent: 31 May 2005 17:45
> M>To: Robert Menschel
> M>Cc: SpamAssassin Users
> M>Subject: Re: problem with split line URL's
> M>
> M>Robert
> M>
> M>just got one in - no matches...
> M>
> M>If anyone wants an example let me know..
> M>
> M>--
> M>Martin Hepworth
>
> Ok just got a spam and that didn't fire so, did a quick revision, changed
> body to full.
>
> full MS_Broken_URL /\b(?!http)h\s?t\s?t\s?p\s?/i
> score MS_Broken_URL 1
> describe MS_Broken_URL URL split between lines
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Martin
yup - that works.
I'll up the score and hopefully I'd be able to trap the things more
realiably now..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
martin smith wrote:
> -----Original Message-----
> M>From: Martin Hepworth
> M>Sent: 31 May 2005 17:45
> M>To: Robert Menschel
> M>Cc: SpamAssassin Users
> M>Subject: Re: problem with split line URL's
> M>
> M>Robert
> M>
> M>just got one in - no matches...
> M>
> M>If anyone wants an example let me know..
> M>
> M>--
> M>Martin Hepworth
>
> Ok just got a spam and that didn't fire so, did a quick revision, changed
> body to full.
>
> full MS_Broken_URL /\b(?!http)h\s?t\s?t\s?p\s?/i
> score MS_Broken_URL 1
> describe MS_Broken_URL URL split between lines
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
RE: problem with split line URL's
Posted by martin smith <ma...@ntlworld.com>.
-----Original Message-----
M>From: Martin Hepworth
M>Sent: 31 May 2005 17:45
M>To: Robert Menschel
M>Cc: SpamAssassin Users
M>Subject: Re: problem with split line URL's
M>
M>Robert
M>
M>just got one in - no matches...
M>
M>If anyone wants an example let me know..
M>
M>--
M>Martin Hepworth
Ok just got a spam and that didn't fire so, did a quick revision, changed
body to full.
full MS_Broken_URL /\b(?!http)h\s?t\s?t\s?p\s?/i
score MS_Broken_URL 1
describe MS_Broken_URL URL split between lines
Re: problem with split line URL's
Posted by Fred <sp...@freddyt.com>.
martin smith wrote:
> I had a rule I was working on, it works on the example u pasted, be
> interested if this works, if not if you could send me a sample to
> work on.
> Use at your own risk has I havent checked it that well for FP's
Martin,
I checked your rule for FPs for you, the results are:
URL_A = full
URL_B = rawbody
OVERALL% SPAM% HAM% S/O RANK SCORE NAME
5106 917 4189 0.180 0.00 0.00 (all messages)
11 11 0 1.000 1.00 1.00 MS_Broken_URL_A
0 0 0 0.500 0.00 1.00 MS_Broken_URL_B
That's 11 spam hits and 0 ham hits, so the FULL version did better in my
e-mail corpus.
RE: problem with split line URL's
Posted by martin smith <ma...@ntlworld.com>.
M>-----Original Message-----
M>From: Martin Hepworth [mailto:martinh@solid-state-logic.com]
M>Sent: 31 May 2005 17:45
M>To: Robert Menschel
M>Cc: SpamAssassin Users
M>Subject: Re: problem with split line URL's
M>
M>Robert
M>
M>just got one in - no matches...
M>
M>If anyone wants an example let me know..
M>
M>--
M>Martin Hepworth
I had a rule I was working on, it works on the example u pasted, be
interested if this works, if not if you could send me a sample to work on.
body MS_Broken_URL /\b(?!http)h\s?t\s?t\s?p\s?/i
score MS_Broken_URL 1
describe MS_Broken_URL URL split between lines
Use at your own risk has I havent checked it that well for FP's
Martin
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Robert
just got one in - no matches...
If anyone wants an example let me know..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Robert Menschel wrote:
> Hello Martin,
>
> Friday, May 27, 2005, 3:52:25 AM, you wrote:
>
> MH> Hi
>
> MH> I've been attempting to get the split line URL rule working - this one..
>
> I believe the working rule that matches all active spam using this
> trick is now active in 70_sare_obfu.cf
>
> Bob Menschel
>
>
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
works for me fine......
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
jdow wrote:
> Oops - spamassassin --lint barfed all over these new rules. Most of
> their names were over the character count limit.
> {^_^}
> ----- Original Message -----
> From: "Martin Hepworth" <ma...@solid-state-logic.com>
> Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
> Sent: 2005 May, 31, Tuesday 02:35
> Subject: Re: problem with split line URL's
>
>
>
>>Bob
>>
>>Ta - I've upgraded the rules and we'll see how we get on..
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Robert Menschel wrote:
>>
>>>Hello Martin,
>>>
>>>Friday, May 27, 2005, 3:52:25 AM, you wrote:
>>>
>>>MH> Hi
>>>
>>>MH> I've been attempting to get the split line URL rule working - this
>
> one..
>
>>>I believe the working rule that matches all active spam using this
>>>trick is now active in 70_sare_obfu.cf
>>>
>>>Bob Menschel
>>>
>>>
>>>
>>
>>**********************************************************************
>>
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the system manager.
>>
>>This footnote confirms that this email message has been swept
>>for the presence of computer viruses and is believed to be clean.
>>
>>**********************************************************************
>
>
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re[2]: problem with split line URL's
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello jdow,
Tuesday, May 31, 2005, 2:56:20 AM, you wrote:
j> Seems to be the 99_OBFU_drugs.cf file.
j> {^_^}
Where did you find those? I don't have them in my SARE collection.
My guess is they haven't been looked at or updated since 2.something
Bob Menschel
j> ----- Original Message -----
j> From: "jdow" <jd...@earthlink.net>
j> To: <us...@spamassassin.apache.org>
j> Sent: 2005 May, 31, Tuesday 02:45
j> Subject: Re: problem with split line URL's
>> Oops - spamassassin --lint barfed all over these new rules. Most of
>> their names were over the character count limit.
>> {^_^}
>> ----- Original Message -----
>> From: "Martin Hepworth" <ma...@solid-state-logic.com>
>> Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
>> Sent: 2005 May, 31, Tuesday 02:35
>> Subject: Re: problem with split line URL's
>>
>>
>> > Bob
>> >
>> > Ta - I've upgraded the rules and we'll see how we get on..
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >
>> > Robert Menschel wrote:
>> > > Hello Martin,
>> > >
>> > > Friday, May 27, 2005, 3:52:25 AM, you wrote:
>> > >
>> > > MH> Hi
>> > >
>> > > MH> I've been attempting to get the split line URL rule working - this
>> one..
>> > >
>> > > I believe the working rule that matches all active spam using this
>> > > trick is now active in 70_sare_obfu.cf
>> > >
>> > > Bob Menschel
>> > >
>> > >
>> > >
>> >
>> >
>> **********************************************************************
>> >
>> > This email and any files transmitted with it are confidential and
>> > intended solely for the use of the individual or entity to whom they
>> > are addressed. If you have received this email in error please notify
>> > the system manager.
>> >
>> > This footnote confirms that this email message has been swept
>> > for the presence of computer viruses and is believed to be clean.
>> >
>> >
>> **********************************************************************
>>
--
Best regards,
Robert mailto:Robert@Menschel.net
Re: problem with split line URL's
Posted by jdow <jd...@earthlink.net>.
Seems to be the 99_OBFU_drugs.cf file.
{^_^}
----- Original Message -----
From: "jdow" <jd...@earthlink.net>
To: <us...@spamassassin.apache.org>
Sent: 2005 May, 31, Tuesday 02:45
Subject: Re: problem with split line URL's
> Oops - spamassassin --lint barfed all over these new rules. Most of
> their names were over the character count limit.
> {^_^}
> ----- Original Message -----
> From: "Martin Hepworth" <ma...@solid-state-logic.com>
> Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
> Sent: 2005 May, 31, Tuesday 02:35
> Subject: Re: problem with split line URL's
>
>
> > Bob
> >
> > Ta - I've upgraded the rules and we'll see how we get on..
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> > Robert Menschel wrote:
> > > Hello Martin,
> > >
> > > Friday, May 27, 2005, 3:52:25 AM, you wrote:
> > >
> > > MH> Hi
> > >
> > > MH> I've been attempting to get the split line URL rule working - this
> one..
> > >
> > > I believe the working rule that matches all active spam using this
> > > trick is now active in 70_sare_obfu.cf
> > >
> > > Bob Menschel
> > >
> > >
> > >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
>
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
hmm
these aren't in my copy of Bob's rules, you must have put them in yourself..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
jdow wrote:
> Specifically:
> warning: rule 'LOCAL_OBFU_CARISOPRODOLE' is over 22 chars
> warning: rule 'LOCAL_OBFU_SOMATROPINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FLONASE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_XENICAL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CARISOPRODOL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENDIMETRAZIN' is over 22 chars
> warning: rule 'LOCAL_OBFU_SENOKOT_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PNTERMIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ELAVILE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_VICODIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TRAMADOL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FATTACHE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_IONAMINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ZANAFLEX_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENDIMETRAZIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_GENERICS_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_IMITREX_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CYCLOBENZAPRIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CYCLOBENZAPRINE' is over 22 chars
> warning: rule 'LOCAL_OBFU_REGALIS_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CLARITINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_NASACORT_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_REDUCTILE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_MERIDIA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PENTERMINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_STRIVECTINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ALLEGRA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_BONTRIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PRILOSEC_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CARISOPRODOLE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TRIPHASIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_LAMISILE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_XENICALE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_LAMISIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PNTERMINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PENTERMIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ESTRADIOLE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PROPECIA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_VOLLGESPRITZT' is over 22 chars
> warning: rule 'LOCAL_OBFU_CYCLOBENZAPRINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FLEXERIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_STAMINA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SLIMPRO_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FLEXERILE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CELEBREX_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CYCLOBENZAPRIN' is over 22 chars
> warning: rule 'LOCAL_OBFU_EFFEXOR_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_EPHEDRA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_BLUEPRO_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TRAMADOLE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_WELLBUTRIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_BUSTPRO_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_NASONEX_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_MOUTHCHOKING' is over 22 chars
> warning: rule 'LOCAL_OBFU_TENUATE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TYLENOL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_IONAMIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SOMATROPIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENTERMINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CLARITIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENDIMETRAZINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENTERMIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SKELAXINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_MENOPRO_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_VICODINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TYLENOLE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SKELAXIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_DIFLUCAN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_NORDETTE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_STRIVECTIN_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ACYCLOVIR_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_PHENDIMETRAZINE' is over 22 chars
> warning: rule 'LOCAL_OBFU_FIORICET_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_GENERIC_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_BONTRILE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_MOUTHCHOKING_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_CARISOPRODOL' is over 22 chars
> warning: rule 'LOCAL_OBFU_LEVITRA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_VOLLGESPRITZT_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FLEXTRA_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_REDUCTIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SARAFEM_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_VALTREX_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_ESTRADIOL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_SHEMALE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_FLUOXETINE_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_TADALAFIL_SUBJ' is over 22 chars
> warning: rule 'LOCAL_OBFU_WELLBUTRINE_SUBJ' is over 22 chars
>
> {^_^}
> ----- Original Message -----
> From: "jdow" <jd...@earthlink.net>
> To: <us...@spamassassin.apache.org>
> Sent: 2005 May, 31, Tuesday 02:45
> Subject: Re: problem with split line URL's
>
>
>
>>Oops - spamassassin --lint barfed all over these new rules. Most of
>>their names were over the character count limit.
>>{^_^}
>>----- Original Message -----
>>From: "Martin Hepworth" <ma...@solid-state-logic.com>
>>Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
>>Sent: 2005 May, 31, Tuesday 02:35
>>Subject: Re: problem with split line URL's
>>
>>
>>
>>>Bob
>>>
>>>Ta - I've upgraded the rules and we'll see how we get on..
>>>
>>>--
>>>Martin Hepworth
>>>Snr Systems Administrator
>>>Solid State Logic
>>>Tel: +44 (0)1865 842300
>>>
>>>
>>>Robert Menschel wrote:
>>>
>>>>Hello Martin,
>>>>
>>>>Friday, May 27, 2005, 3:52:25 AM, you wrote:
>>>>
>>>>MH> Hi
>>>>
>>>>MH> I've been attempting to get the split line URL rule working - this
>>
>>one..
>>
>>>>I believe the working rule that matches all active spam using this
>>>>trick is now active in 70_sare_obfu.cf
>>>>
>>>>Bob Menschel
>>>>
>>>>
>>>>
>>>
>>>**********************************************************************
>>>
>>>This email and any files transmitted with it are confidential and
>>>intended solely for the use of the individual or entity to whom they
>>>are addressed. If you have received this email in error please notify
>>>the system manager.
>>>
>>>This footnote confirms that this email message has been swept
>>>for the presence of computer viruses and is believed to be clean.
>>>
>>>**********************************************************************
>>
>
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by jdow <jd...@earthlink.net>.
Specifically:
warning: rule 'LOCAL_OBFU_CARISOPRODOLE' is over 22 chars
warning: rule 'LOCAL_OBFU_SOMATROPINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLONASE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_XENICAL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CARISOPRODOL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENDIMETRAZIN' is over 22 chars
warning: rule 'LOCAL_OBFU_SENOKOT_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PNTERMIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ELAVILE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_VICODIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TRAMADOL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FATTACHE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_IONAMINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ZANAFLEX_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENDIMETRAZIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_GENERICS_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_IMITREX_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CYCLOBENZAPRIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CYCLOBENZAPRINE' is over 22 chars
warning: rule 'LOCAL_OBFU_REGALIS_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CLARITINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_NASACORT_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_REDUCTILE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_MERIDIA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PENTERMINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_STRIVECTINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ALLEGRA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_BONTRIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PRILOSEC_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CARISOPRODOLE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TRIPHASIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_LAMISILE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_XENICALE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_LAMISIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PNTERMINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PENTERMIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ESTRADIOLE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PROPECIA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_VOLLGESPRITZT' is over 22 chars
warning: rule 'LOCAL_OBFU_CYCLOBENZAPRINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLEXERIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_STAMINA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SLIMPRO_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLEXERILE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CELEBREX_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CYCLOBENZAPRIN' is over 22 chars
warning: rule 'LOCAL_OBFU_EFFEXOR_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_EPHEDRA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_BLUEPRO_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TRAMADOLE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_WELLBUTRIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_BUSTPRO_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_NASONEX_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_MOUTHCHOKING' is over 22 chars
warning: rule 'LOCAL_OBFU_TENUATE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TYLENOL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_IONAMIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SOMATROPIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENTERMINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CLARITIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENDIMETRAZINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENTERMIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SKELAXINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_MENOPRO_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_VICODINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TYLENOLE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SKELAXIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_DIFLUCAN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_NORDETTE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_STRIVECTIN_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ACYCLOVIR_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_PHENDIMETRAZINE' is over 22 chars
warning: rule 'LOCAL_OBFU_FIORICET_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_GENERIC_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_BONTRILE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_MOUTHCHOKING_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_CARISOPRODOL' is over 22 chars
warning: rule 'LOCAL_OBFU_LEVITRA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_VOLLGESPRITZT_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLEXTRA_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_REDUCTIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SARAFEM_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_VALTREX_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_ESTRADIOL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_SHEMALE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_FLUOXETINE_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_TADALAFIL_SUBJ' is over 22 chars
warning: rule 'LOCAL_OBFU_WELLBUTRINE_SUBJ' is over 22 chars
{^_^}
----- Original Message -----
From: "jdow" <jd...@earthlink.net>
To: <us...@spamassassin.apache.org>
Sent: 2005 May, 31, Tuesday 02:45
Subject: Re: problem with split line URL's
> Oops - spamassassin --lint barfed all over these new rules. Most of
> their names were over the character count limit.
> {^_^}
> ----- Original Message -----
> From: "Martin Hepworth" <ma...@solid-state-logic.com>
> Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
> Sent: 2005 May, 31, Tuesday 02:35
> Subject: Re: problem with split line URL's
>
>
> > Bob
> >
> > Ta - I've upgraded the rules and we'll see how we get on..
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> > Robert Menschel wrote:
> > > Hello Martin,
> > >
> > > Friday, May 27, 2005, 3:52:25 AM, you wrote:
> > >
> > > MH> Hi
> > >
> > > MH> I've been attempting to get the split line URL rule working - this
> one..
> > >
> > > I believe the working rule that matches all active spam using this
> > > trick is now active in 70_sare_obfu.cf
> > >
> > > Bob Menschel
> > >
> > >
> > >
> >
> > **********************************************************************
> >
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager.
> >
> > This footnote confirms that this email message has been swept
> > for the presence of computer viruses and is believed to be clean.
> >
> > **********************************************************************
>
Re: problem with split line URL's
Posted by jdow <jd...@earthlink.net>.
Oops - spamassassin --lint barfed all over these new rules. Most of
their names were over the character count limit.
{^_^}
----- Original Message -----
From: "Martin Hepworth" <ma...@solid-state-logic.com>
Cc: "SpamAssassin Users" <us...@spamassassin.apache.org>
Sent: 2005 May, 31, Tuesday 02:35
Subject: Re: problem with split line URL's
> Bob
>
> Ta - I've upgraded the rules and we'll see how we get on..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Robert Menschel wrote:
> > Hello Martin,
> >
> > Friday, May 27, 2005, 3:52:25 AM, you wrote:
> >
> > MH> Hi
> >
> > MH> I've been attempting to get the split line URL rule working - this
one..
> >
> > I believe the working rule that matches all active spam using this
> > trick is now active in 70_sare_obfu.cf
> >
> > Bob Menschel
> >
> >
> >
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Bob
Ta - I've upgraded the rules and we'll see how we get on..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Robert Menschel wrote:
> Hello Martin,
>
> Friday, May 27, 2005, 3:52:25 AM, you wrote:
>
> MH> Hi
>
> MH> I've been attempting to get the split line URL rule working - this one..
>
> I believe the working rule that matches all active spam using this
> trick is now active in 70_sare_obfu.cf
>
> Bob Menschel
>
>
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Martin,
Friday, May 27, 2005, 3:52:25 AM, you wrote:
MH> Hi
MH> I've been attempting to get the split line URL rule working - this one..
I believe the working rule that matches all active spam using this
trick is now active in 70_sare_obfu.cf
Bob Menschel
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Loren
ok I've added the alternative in with a slightly different name so I've
got both in the setup.
I note that if I run spamassassin -D < test.eml on an example the rules
don't fire either, so I don't think its MailScanner getting in the way.
Running SA 3.0.3 (from CPAN) with perl 5.8.5 (from the FreeBSD ports
tree) running on FreeBSD 4.10 if thats of any use.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Loren Wilton wrote:
>>Which dont seem to trigger the above rule. Any ideas?
>
>
> Not really. That's my rule and it works fine here, and many other places.
> However, you aren't the first to say it doesn't work for them.
>
> I'm guessing you are using something other than procmail/spamd to process
> mail, or maybe you are running on a windows/mac box? My guess is that
> something is taking the bare cr characters and helpfully either changing
> them to actual newlines or sticking newlines before or after them. Since I
> specifically check for a bare \r character rather than \r\n, if something is
> decorating the \r characters the rule won't fire.
>
> Just for grins try changing the rule to something like this and see if it
> works, and let us know:
>
> rawbody __LW_URI_CR1 /href=\"[^"]*\r\n?/is
> full __LW_URI_CR2 /href=\"[^"]*\r\n?/is
> meta LW_URI_CR __LW_URI_CR1 || __LW_URI_CR2
> score LW_URI_CR 2
> describe LW_URI_CR unescaped cr in uri
>
>
> Loren
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Martin Hepworth <ma...@solid-state-logic.com>.
Loren Wilton wrote:
>>Which dont seem to trigger the above rule. Any ideas?
>
>
> Not really. That's my rule and it works fine here, and many other places.
> However, you aren't the first to say it doesn't work for them.
>
> I'm guessing you are using something other than procmail/spamd to process
> mail, or maybe you are running on a windows/mac box? My guess is that
> something is taking the bare cr characters and helpfully either changing
> them to actual newlines or sticking newlines before or after them. Since I
> specifically check for a bare \r character rather than \r\n, if something is
> decorating the \r characters the rule won't fire.
>
> Just for grins try changing the rule to something like this and see if it
> works, and let us know:
>
> rawbody __LW_URI_CR1 /href=\"[^"]*\r\n?/is
> full __LW_URI_CR2 /href=\"[^"]*\r\n?/is
> meta LW_URI_CR __LW_URI_CR1 || __LW_URI_CR2
> score LW_URI_CR 2
> describe LW_URI_CR unescaped cr in uri
>
>
> Loren
>
Loren
yup I'm using MailScanner to drive SA.
I'll try your alternative and see how we get on...
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
Re: problem with split line URL's
Posted by Loren Wilton <lw...@earthlink.net>.
> Which dont seem to trigger the above rule. Any ideas?
Not really. That's my rule and it works fine here, and many other places.
However, you aren't the first to say it doesn't work for them.
I'm guessing you are using something other than procmail/spamd to process
mail, or maybe you are running on a windows/mac box? My guess is that
something is taking the bare cr characters and helpfully either changing
them to actual newlines or sticking newlines before or after them. Since I
specifically check for a bare \r character rather than \r\n, if something is
decorating the \r characters the rule won't fire.
Just for grins try changing the rule to something like this and see if it
works, and let us know:
rawbody __LW_URI_CR1 /href=\"[^"]*\r\n?/is
full __LW_URI_CR2 /href=\"[^"]*\r\n?/is
meta LW_URI_CR __LW_URI_CR1 || __LW_URI_CR2
score LW_URI_CR 2
describe LW_URI_CR unescaped cr in uri
Loren