Posted to users@spamassassin.apache.org by Ramprasad A Padmanabhan <ra...@netcore.co.in> on 2005/07/19 12:06:05 UTC

ruleset for antidrug.cf

Hi list,
   Our servers are frequently getting spam mails with taablets, or
ta.blets in the subject.

I run rules_du_jour regularly, and I am surprised there is no ruleset for
catching this kind of subject:
   /\bta+\.?b(let)?s\b/

Does someone already have a ruleset for this?

Thanks
Ram


----------------------------------------------------------
Netcore Solutions Pvt. Ltd.
Website:  http://www.netcore.co.in
Spamtraps: http://cleanmail.netcore.co.in/directory.html
----------------------------------------------------------

Re: ruleset for antidrug.cf

Posted by Matt Kettler <mk...@evi-inc.com>.
Ramprasad A Padmanabhan wrote:

>> One problem with the above regex.. it will match "tablets" or "tabs" in an
>> un-obfuscated form.
>
> I think that is ok in the subject.
> subject with tablets even un obfuscated still deserves a score around 1

Depends what kind of tablet you're talking about.. If you could restrict it to 
the pill meaning, sure, but what about a "tablet PC"?

Re: ruleset for antidrug.cf

Posted by Ramprasad A Padmanabhan <ra...@netcore.co.in>.
On Tue, 2005-07-19 at 21:34, Matt Kettler wrote:
> Ramprasad A Padmanabhan wrote:
> > Hi list,
> >    Our servers are frequently getting spam mails with taablets , or
> > ta.blets in the subject. 
> > 
> > I run rules_du_jour regularly, I am surprised there is no ruleset for
> > catching this kind  of subjects 
> >    /\bta+\.?b(let)?s\b/
> > 
> > Has someone already a ruleset for this
> 
> One problem with the above regex.. it will match "tablets" or "tabs" in an 
> un-obfuscated form.
> 


I think that is OK in the subject.
A subject with tablets, even un-obfuscated, still deserves a score around 1.


Thanks 
Ram



Re: ruleset for antidrug.cf

Posted by Matt Kettler <mk...@evi-inc.com>.
Ramprasad A Padmanabhan wrote:
> Hi list,
>    Our servers are frequently getting spam mails with taablets , or
> ta.blets in the subject. 
> 
> I run rules_du_jour regularly, I am surprised there is no ruleset for
> catching this kind  of subjects 
>    /\bta+\.?b(let)?s\b/
> 
> Has someone already a ruleset for this

One problem with the above regex.. it will match "tablets" or "tabs" in an 
un-obfuscated form.

If it were a single word to avoid, I'd suggest using a negative-look-ahead, but 
since there's two I might re-write the above into something like this:

body __L_TABS_ANY	/\bta+\.?b(?:let)?s\b/i
body __L_TABLETS	/\btablets\b/i
body __L_TABS		/\btabs\b/i

meta L_TABS_OBFU	__L_TABS_ANY && !(__L_TABLETS || __L_TABS)
score L_TABS_OBFU	0.1

Notes: Body rules do match subject lines, so I chose body instead of header. I 
also added ?: to your () around "let" to prevent Perl from wastefully creating 
a backreference which won't be used.

Since the rule is completely untested, I gave it a tiny score. Test it with the 
small score, watching for it hitting nonspam messages, before giving it any real 
score.
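
Added example (not part of the original posts): a Python emulation of the three body rules and the meta rule above, run against constructed sample subjects before the rule is deployed. It uses Python's `re`, not SpamAssassin itself. The single-regex look-ahead variant `OBFU_ONLY` and all function names are assumptions added for comparison.

```python
import re

# Patterns copied from the rules posted in the thread.
TABS_ANY = re.compile(r"\bta+\.?b(?:let)?s\b", re.I)   # __L_TABS_ANY
TABLETS = re.compile(r"\btablets\b", re.I)              # __L_TABLETS
TABS = re.compile(r"\btabs\b", re.I)                    # __L_TABS

# Assumption, not from the thread: one regex that rejects both plain words
# with a negative look-ahead at the start of the candidate word.
OBFU_ONLY = re.compile(r"\b(?!tablets\b|tabs\b)ta+\.?b(?:let)?s\b", re.I)


def meta_hit(text):
    """Emulate: meta L_TABS_OBFU  __L_TABS_ANY && !(__L_TABLETS || __L_TABS).

    Each sub-rule is a yes/no over the whole message, so a plain "tablets"
    anywhere in the text suppresses the meta even if an obfuscated form
    is also present.
    """
    any_form = bool(TABS_ANY.search(text))
    plain = bool(TABLETS.search(text) or TABS.search(text))
    return any_form and not plain


def lookahead_hit(text):
    """Hypothetical per-word variant: fires on any obfuscated occurrence."""
    return bool(OBFU_ONLY.search(text))


# Constructed sample subjects (not taken from real mail).
SAMPLES = [
    "Cheap taablets here",                 # obfuscated: doubled vowel
    "ta.blets online",                     # obfuscated: inserted dot
    "New tablets and browser tabs",        # plain words only
    "New tablet PC released",              # singular, never matched
    "taablets ship faster than tablets",   # obfuscated and plain together
]


def evaluate(samples=SAMPLES):
    """Return {subject: (meta_hit, lookahead_hit)} for each sample."""
    return {s: (meta_hit(s), lookahead_hit(s)) for s in samples}


if __name__ == "__main__":
    for subject, (meta, look) in evaluate().items():
        print(f"meta={meta!s:5} lookahead={look!s:5} {subject}")
```

The last sample is the case to watch for when testing: the meta stays silent when a message mixes the obfuscated and plain spellings, while the per-word look-ahead still fires.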