You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ramprasad A Padmanabhan <ra...@netcore.co.in> on 2005/07/19 12:06:05 UTC
ruleset for antidrug.cf
Hi list,
Our servers are frequently getting spam mails with taablets , or
ta.blets in the subject.
I run rules_du_jour regularly, I am surprised there is no ruleset for
catching this kind of subjects
/\bta+\.?b(let)?s\b/
Has someone already a ruleset for this
Thanks
Ram
----------------------------------------------------------
Netcore Solutions Pvt. Ltd.
Website: http://www.netcore.co.in
Spamtraps: http://cleanmail.netcore.co.in/directory.html
----------------------------------------------------------
Re: ruleset for antidrug.cf
Posted by Matt Kettler <mk...@evi-inc.com>.
Ramprasad A Padmanabhan wrote:
>>One problem with the above regex.. it will match "tablets" or "tabs" in an
>>un-obfuscated form.
>>
>
>
>
> I think that is ok in the subject.
> subject with tablets even un obfuscated still deserves a score around 1
Depends what kind of tablet you're talking about.. If you could restrict it to
the pill meaning, sure, but what about a "tablet PC"?
Re: ruleset for antidrug.cf
Posted by Ramprasad A Padmanabhan <ra...@netcore.co.in>.
On Tue, 2005-07-19 at 21:34, Matt Kettler wrote:
> Ramprasad A Padmanabhan wrote:
> > Hi list,
> > Our servers are frequently getting spam mails with taablets , or
> > ta.blets in the subject.
> >
> > I run rules_du_jour regularly, I am surprised there is no ruleset for
> > catching this kind of subjects
> > /\bta+\.?b(let)?s\b/
> >
> > Has someone already a ruleset for this
>
> One problem with the above regex.. it will match "tablets" or "tabs" in an
> un-obfuscated form.
>
I think that is ok in the subject.
subject with tablets even un obfuscated still deserves a score around 1
Thanks
Ram
----------------------------------------------------------
Netcore Solutions Pvt. Ltd.
Website: http://www.netcore.co.in
Spamtraps: http://cleanmail.netcore.co.in/directory.html
----------------------------------------------------------
Re: ruleset for antidrug.cf
Posted by Matt Kettler <mk...@evi-inc.com>.
Ramprasad A Padmanabhan wrote:
> Hi list,
> Our servers are frequently getting spam mails with taablets , or
> ta.blets in the subject.
>
> I run rules_du_jour regularly, I am surprised there is no ruleset for
> catching this kind of subjects
> /\bta+\.?b(let)?s\b/
>
> Has someone already a ruleset for this
One problem with the above regex.. it will match "tablets" or "tabs" in an
un-obfuscated form.
If it were a single word to avoid, I'd suggest using a negative-look-ahead, but
since there's two I might re-write the above into something like this:
body __L_TABS_ANY /\bta+\.?b(?:let)?s\b/i
body __L_TABLETS /\btablets\b/i
body __L_TABS /\btabs\b/i
meta L_TABS_OBFU __L_TABS_ANY && !(__L_TABLETS || __L_TABS)
score L_TABS_OBFU 0.1
Notes: Body rules do match subject lines, so I chose body instead of header. I
also added ?: to your () arround "let" to prevent perl from wastefully creating
a backreference which won't be used.
Since the rule is completely untested, I gave it a tiny score. Test it with the
small score, watching for it hitting nonspam messages, before giving it any real
score.