Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/06/07 02:09:28 UTC
Mis-tagged advance fee spam
I've got a spam message that I believe was mis-tagged with an advance fee
tag. I've uploaded it here, if it can't be downloaded I'll send it direct.
http://www.verzend.be/v/9403665/mistagged.txt.html
If anyone knows of a better free upload site please let me know.
--
Chris
Registered Linux User 283774 http://counter.li.org
19:04:07 up 23 days, 7:04, 1 user, load average: 0.13, 0.23, 0.17
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
Re: Mis-tagged advance fee spam
Posted by Chris <cp...@earthlink.net>.
On Tuesday 06 June 2006 7:31 pm, David Goldsmith wrote:
> Chris wrote:
> > I've got a spam message that I believe was mis-tagged with an advance
> > fee tag. I've uploaded it here, if it can't be downloaded I'll send it
> > direct.
> >
> > http://www.verzend.be/v/9403665/mistagged.txt.html
> >
> > If anyone knows of a better free upload site please let me know.
>
> It's matching against:
>
> __FRAUD_IOU because of '100% safe'
> __FRAUD_DBI because of '$45.3008'
>
> ADVANCE_FEE_1 is a meta rule that gets set if any two of 50+ __FRAUD_###
> rules are triggered.
>
> Dave
Thanks Dave and Ben, previous ADVANCE_FEE(s) I've seen were actually the 419
type, or I just haven't read down the complete message.
--
Chris
Registered Linux User 283774 http://counter.li.org
20:30:22 up 23 days, 8:30, 1 user, load average: 0.19, 0.24, 0.17
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
Re: Mis-tagged advance fee spam
Posted by David Goldsmith <dg...@sans.org>.
Chris wrote:
> I've got a spam message that I believe was mis-tagged with an advance fee
> tag. I've uploaded it here, if it can't be downloaded I'll send it direct.
>
> http://www.verzend.be/v/9403665/mistagged.txt.html
>
> If anyone knows of a better free upload site please let me know.
It's matching against:
__FRAUD_IOU because of '100% safe'
__FRAUD_DBI because of '$45.3008'
ADVANCE_FEE_1 is a meta rule that gets set if any two of 50+ __FRAUD_###
rules are triggered.
Dave
RE: Mis-tagged advance fee spam
Posted by Ben Wylie <sa...@benwylie.co.uk>.
> I've got a spam message that I believe was mis-tagged with an advance fee
> tag. I've uploaded it here
Your spam hit the following two subtests:
[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"
[1464] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "$45.3008"
With two of these subtests it hits: ADVANCE_FEE_1.
Ben
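
Added example (not part of the thread and not SpamAssassin's own code): a small Python helper that reads debug lines in the shape Ben quoted and reports which __FRAUD_ subrules, and which phrases, pushed a count-based meta rule over its threshold. The threshold of two comes from Dave's description; the function names, the __EXAMPLE_OTHER rule and the extra sample lines are constructed for illustration.

```python
import re

# Line shape copied from the debug output quoted in the thread:
#   [1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"
HIT_RE = re.compile(
    r'dbg: rules: ran (?P<kind>\w+) rule (?P<rule>\S+) =+> got hit: "(?P<text>.*)"'
)

def subrule_hits(debug_output, prefix="__FRAUD_"):
    """Map each hit subrule starting with `prefix` to the text(s) that triggered it."""
    hits = {}
    for line in debug_output.splitlines():
        m = HIT_RE.search(line)
        if m and m.group("rule").startswith(prefix):
            hits.setdefault(m.group("rule"), []).append(m.group("text"))
    return hits

def explain_meta(debug_output, meta="ADVANCE_FEE_1", threshold=2):
    """Return (fired, report) for a count-based meta rule.

    threshold=2 follows the thread's description ("any two of 50+ __FRAUD_###
    rules"); each subrule counts once however often it hit (assumption).
    """
    hits = subrule_hits(debug_output)
    fired = len(hits) >= threshold
    lines = [f"{meta}: {'HIT' if fired else 'no hit'} ({len(hits)} subrules, need {threshold})"]
    for rule in sorted(hits):
        lines.append(f"  {rule} <- " + ", ".join(repr(t) for t in hits[rule]))
    return fired, "\n".join(lines)

# First two lines are the ones quoted in the thread; the third is constructed
# (__EXAMPLE_OTHER is a hypothetical rule name) to show non-fraud hits are ignored.
SAMPLE_TAGGED = '''\
[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"
[1464] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "$45.3008"
[1464] dbg: rules: ran body rule __EXAMPLE_OTHER ======> got hit: "example"
'''
# Constructed: the same subrule hitting twice still counts as one subrule.
SAMPLE_SINGLE = '''\
[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% Safe"
[1464] dbg: rules: ran body rule __FRAUD_IOU ======> got hit: "100% safe"
'''

if __name__ == "__main__":
    for sample in (SAMPLE_TAGGED, SAMPLE_SINGLE):
        print(explain_meta(sample)[1])
```

Listing the triggering phrase next to each subrule makes it quick to judge whether a tag like the one in this thread came from fraud wording or from incidental text such as a price.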