Beating bayes
Matt Kettler
mkettler at EVI-INC.COM
Thu Feb 5 00:42:03 GMT 2004
At 06:55 PM 2/4/2004, you wrote:
>Interesting article on beating bayes filters at the BBC
>http://news.bbc.co.uk/1/hi/technology/3458457.stm
>
>Discuss...
It points out the fundamental reason why SpamAssassin isn't a pure bayes
system. It's also why SA tokenizes headers, not just message bodies when it
does bayes (if you tokenize headers, that section isn't as easy to
obfuscate and/or add poison to).
And let's face it.. my most recent bayes-poison loaded spam got:
BAYES_99 5.40, HTML_MESSAGE 0.10, RCVD_IN_BL_SPAMCOP_NET 1.50,
RCVD_IN_DSBL 0.71, RCVD_IN_DYNABLOCK 1.50, RCVD_IN_SORBS 0.10)
Some benefit the 280 words of bayes poison they stuffed at the end got them.
For reference the email in question is a bayes-poison loaded, random
charachter-insert obfuscated super v-drug spam.
It offered to:
"Suxper chajrge your lolve linfe!"
/yawn.
More information about the MailScanner
mailing list