You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Bennett <jb...@gcftech.com> on 2007/08/13 22:42:52 UTC
Punctuation Spam Lately
Over the past few days, I’ve been seeing a ton of spam with every second letter replace with punctuation or other symbol that are getting past SA. Are there any Rulesets out there that can take care of this? I am using SARE and most of the SA plugins. You can see a sample here:
http://www.gcftech.com/spam2.jpg
Thanks!
J.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.11.17/951 - Release Date: 8/13/2007 10:15 AM
Re: Punctuation Spam Lately
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 13 Aug 2007, Bill Landry wrote:
> Jason Bennett wrote:
> > Over the past few days, I've been seeing a ton of spam with every second letter replace with punctuation or other symbol that are getting past SA. Are there any Rulesets out there that can take care of this? I am using SARE and most of the SA plugins. You can see a sample here:
> >
> > http://www.gcftech.com/spam2.jpg
>
> Grab the chickenpox.cf and mangled.cf rules from:
>
> http://www.rulesemporium.com/other-rules.htm
>
> they hit quite nicely on these types of spam.
There's a perl script here that lets you generate your own
custom-scored obfuscated word rules file:
http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
[Small arms] are fundamentally dangerous and their removal from the
equation either by control, neutralisation or removal is essential.
The first step is to gain information on their numbers and
whereabouts. -- the UN, who "doesn't want to confiscate guns"
-----------------------------------------------------------------------
2 days until The 62nd anniversary of the end of World War II
Re: Punctuation Spam Lately
Posted by Bill Landry <bi...@inetmsg.com>.
Jason Bennett wrote:
> Over the past few days, I’ve been seeing a ton of spam with every second letter replace with punctuation or other symbol that are getting past SA. Are there any Rulesets out there that can take care of this? I am using SARE and most of the SA plugins. You can see a sample here:
>
> http://www.gcftech.com/spam2.jpg
>
> Thanks!
>
> J.
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.476 / Virus Database: 269.11.17/951 - Release Date: 8/13/2007 10:15 AM
>
Grab the chickenpox.cf and mangled.cf rules from:
http://www.rulesemporium.com/other-rules.htm
they hit quite nicely on these types of spam.
Bill
RE: Punctuation Spam Lately
Posted by Jason Bennett <jb...@gcftech.com>.
Thanks.. The message I get is actually text, I put it in an image for simplicity for myself.
-----Original Message-----
From: SM [mailto:sm@resistor.net]
Sent: Monday, August 13, 2007 3:18 PM
To: users@spamassassin.apache.org
Subject: Re: Punctuation Spam Lately
At 13:42 13-08-2007, Jason Bennett wrote:
>Over the past few days, I've been seeing a ton of spam with every
>second letter replace with punctuation or other symbol that are
>getting past SA. Are there any Rulesets out there that can take
>care of this? I am using SARE and most of the SA plugins. You can
The message should hit BAYES_99, if you are using Bayes, and
FRT_PRICE. As your link is to an image, it is not possible to tell
whether the message would hit HTML_MESSAGE and
MIME_QP_LONG_LINE. The message may also trigger some DYNAMIC
rules. The total score should be over five with all these hits.
Regards,
-sm
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.11.17/951 - Release Date: 8/13/2007 10:15 AM
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.11.17/951 - Release Date: 8/13/2007 10:15 AM
Re: Punctuation Spam Lately
Posted by SM <sm...@resistor.net>.
At 13:42 13-08-2007, Jason Bennett wrote:
>Over the past few days, I've been seeing a ton of spam with every
>second letter replace with punctuation or other symbol that are
>getting past SA. Are there any Rulesets out there that can take
>care of this? I am using SARE and most of the SA plugins. You can
The message should hit BAYES_99, if you are using Bayes, and
FRT_PRICE. As your link is to an image, it is not possible to tell
whether the message would hit HTML_MESSAGE and
MIME_QP_LONG_LINE. The message may also trigger some DYNAMIC
rules. The total score should be over five with all these hits.
Regards,
-sm