You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Tom Hendrikx <to...@whyscream.net> on 2012/12/04 12:57:39 UTC
Gappy subject misses
Hi,
I'm currently seeing an increasing number of subjects like the ones
below that are not being detected by SA. Looking through the existing
rules (i'm still running v3.3.1) I'm seeing both the GAPPY_SUBJECT and
the SERGIO_SUBJECT_VIAGRA01 approaches that are interested in this kind
of stuff.
I tried to adapt GAPPY_SUBJECT but it went over my head unfortunately,
and ended up writing variants of SERGIO_SUBJECT_VIAGRA01 for several sex
related strings. But being afraid to end up with (another ever
expanding) list of phrases in rules: is there a better way to catch
these? Maybe someone is able to refactor GAPPY_SUBJECT into something
that hits on the example below too?
Examples:
Subject: S _C H0^0 &L (G. l ^RL S ( P0 |RN_
Subject: H!AR -D C O !R &E`
Subject: Un{d}r_es ,s -in {g
Subject: P-0 :R |N . V I)D .E OS {
Subject: P "O/R N= F "lLM
Subject: B &AN +G l_N$G _
Subject: G.r_ a|n.n|y P `o,r|n.
Subject: S =E ^X/ V l D|EO (
Subject: P{O{R N M;O}V^I(E _S !
Subject: B l )G ;C O {C K. S !
Subject: Ba }n .gl&n-g
Subject: S ;c{h\o "o /l_ g ;i ,rl Por {n ^
--
Kind regards,
Tom
Re: Gappy subject misses
Posted by John Hardin <jh...@impsec.org>.
On Tue, 4 Dec 2012, Tom Hendrikx wrote:
> Maybe someone is able to refactor GAPPY_SUBJECT into something that hits
> on the example below too?
>
> Examples:
>
> Subject: S _C H0^0 &L (G. l ^RL S ( P0 |RN_
> Subject: H!AR -D C O !R &E`
> Subject: Un{d}r_es ,s -in {g
> Subject: P-0 :R |N . V I)D .E OS {
> Subject: P "O/R N= F "lLM
> Subject: B &AN +G l_N$G _
> Subject: G.r_ a|n.n|y P `o,r|n.
> Subject: S =E ^X/ V l D|EO (
> Subject: P{O{R N M;O}V^I(E _S !
> Subject: B l )G ;C O {C K. S !
> Subject: Ba }n .gl&n-g
> Subject: S ;c{h\o "o /l_ g ;i ,rl Por {n ^
It seems that GAPPY_SUBJECT is only missing a couple of things needed to
catch these - for example, [a-z] should be [a-z0] to catch the o->0
substitution, and perhaps some more punctuation characters are needed.
I will try to work on it this evening.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The more you believe you can create heaven on earth the more
likely you are to set up guillotines in the public square to
hasten the process. -- James Lileks
-----------------------------------------------------------------------
11 days until Bill of Rights day
Re: {?} Gappy subject misses
Posted by The Doctor <do...@doctor.nl2k.ab.ca>.
On Tue, Dec 04, 2012 at 12:57:39PM +0100, Tom Hendrikx wrote:
> Hi,
>
> I'm currently seeing an increasing number of subjects like the ones
> below that are not being detected by SA. Looking through the existing
> rules (i'm still running v3.3.1) I'm seeing both the GAPPY_SUBJECT and
> the SERGIO_SUBJECT_VIAGRA01 approaches that are interested in this kind
> of stuff.
>
> I tried to adapt GAPPY_SUBJECT but it went over my head unfortunately,
> and ended up writing variants of SERGIO_SUBJECT_VIAGRA01 for several sex
> related strings. But being afraid to end up with (another ever
> expanding) list of phrases in rules: is there a better way to catch
> these? Maybe someone is able to refactor GAPPY_SUBJECT into something
> that hits on the example below too?
>
> Examples:
>
> Subject: S _C H0^0 &L (G. l ^RL S ( P0 |RN_
> Subject: H!AR -D C O !R &E`
> Subject: Un{d}r_es ,s -in {g
> Subject: P-0 :R |N . V I)D .E OS {
> Subject: P "O/R N= F "lLM
> Subject: B &AN +G l_N$G _
> Subject: G.r_ a|n.n|y P `o,r|n.
> Subject: S =E ^X/ V l D|EO (
> Subject: P{O{R N M;O}V^I(E _S !
> Subject: B l )G ;C O {C K. S !
> Subject: Ba }n .gl&n-g
> Subject: S ;c{h\o "o /l_ g ;i ,rl Por {n ^
>
> --
> Kind regards,
> Tom
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
Smae here.
Too much of this junk should disappear into a black hole!
--
Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013
Re: Gappy subject misses
Posted by Alexandre Boyer <bi...@gmail.com>.
Hi,
I've fairly good results with this rule:
header __AJB_OBFU_PR0N_SUBJ Subject =~
/[\:\;\/\`\(\)\{\}~\#\&\"\%\$\_][a-z0-9][\:\;\`\(\)\/\{\}\_\~\#\&\"\%\$]/im
It's realy basic and desrve a rework.
Best,
Alex, from prypiat.
Yes, I recycle.
On 12-12-04 06:57 AM, Tom Hendrikx wrote:
> Hi,
>
> I'm currently seeing an increasing number of subjects like the ones
> below that are not being detected by SA. Looking through the existing
> rules (i'm still running v3.3.1) I'm seeing both the GAPPY_SUBJECT and
> the SERGIO_SUBJECT_VIAGRA01 approaches that are interested in this kind
> of stuff.
>
> I tried to adapt GAPPY_SUBJECT but it went over my head unfortunately,
> and ended up writing variants of SERGIO_SUBJECT_VIAGRA01 for several sex
> related strings. But being afraid to end up with (another ever
> expanding) list of phrases in rules: is there a better way to catch
> these? Maybe someone is able to refactor GAPPY_SUBJECT into something
> that hits on the example below too?
>
> Examples:
>
> Subject: S _C H0^0 &L (G. l ^RL S ( P0 |RN_
> Subject: H!AR -D C O !R &E`
> Subject: Un{d}r_es ,s -in {g
> Subject: P-0 :R |N . V I)D .E OS {
> Subject: P "O/R N= F "lLM
> Subject: B &AN +G l_N$G _
> Subject: G.r_ a|n.n|y P `o,r|n.
> Subject: S =E ^X/ V l D|EO (
> Subject: P{O{R N M;O}V^I(E _S !
> Subject: B l )G ;C O {C K. S !
> Subject: Ba }n .gl&n-g
> Subject: S ;c{h\o "o /l_ g ;i ,rl Por {n ^
>
> --
> Kind regards,
> Tom