Graphic Based Spams
James Gray
james at grayonline.id.au
Wed Mar 9 21:23:01 GMT 2005
On Thu, 10 Mar 2005 07:45 am, Michael Baird wrote:
> Heh guys, this may not be a problem directly related to MailScanner, but
> I'm having issues with spams that are just graphics (Viagra Cheap), they
> score very low and make it through. What is the best way to handle these
> types of spam, tweak the spamassassin scores a bit? Update to the latest
> spamassassin? Just looking for advice on the subject.
>
> Regards
> Michael Baird
I have a few "RAWBODY" rules that look for MIME boundaries that describe
embedded graphics. They score around the 0.9 mark. Then I have some other
RAWBODY rules that look for the first few bytes (in BASE64) of each of the
graphics. I've found these spammers send the *same* embedded GIF with a
picture of 4 pills - the graphic is identical making the BASE64 detection
easy :) I've also increased the score of some of the standard SA rules
which catch base64 encoded content too.
Have a look at the raw message and grab the strings that match what you're
seeing. Alternatively, post a copy of the message on a website somewhere
and I can grok it for you and post back here the rules I derive from it :)
Cheers,
James
--
An effective way to deal with predators is to taste terrible.
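
The approach James describes (keying a rule on the first base64 characters of a GIF that is resent unchanged), as an added example that is not part of the original post and not James's own rules: a Python helper that reads a raw message and emits one SpamAssassin rule per base64-encoded GIF part. The rule names, score, prefix length and sample message are assumptions; `rawbody` is the rule type the post names, so confirm which rule type sees undecoded attachment data in your SpamAssassin version.

```python
import base64
import email
import re

# Constructed stand-in for the spammer's image: GIF magic plus filler bytes.
GIF = b"GIF89a" + b"\xfb\xef\xbe\xff\xff\xff" + bytes(range(48))
SAMPLE = (  # constructed message, not taken from the thread
    "From: sender@example.com\nSubject: sample\nMIME-Version: 1.0\n"
    'Content-Type: multipart/related; boundary="XX"\n\n'
    '--XX\nContent-Type: text/html\n\n<img src="cid:p1">\n'
    "--XX\nContent-Type: image/gif\nContent-Transfer-Encoding: base64\n"
    "Content-ID: <p1>\n\n" + base64.encodebytes(GIF).decode() + "--XX--\n"
)
GIF_MAGIC_B64 = ("R0lGODlh", "R0lGODdh")  # base64 of "GIF89a" and "GIF87a"


def gif_prefix_rules(raw_message, prefix_len=24, rule_type="rawbody", score="2.0"):
    """Build one SpamAssassin rule per base64 GIF part, keyed on how the part starts."""
    if prefix_len <= 8:
        # 8 chars cover only the magic bytes, which every GIF shares.
        raise ValueError("prefix_len must be greater than 8")
    rules = []
    for part in email.message_from_string(raw_message).walk():
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if part.get_content_type() != "image/gif" or cte != "base64":
            continue
        lines = part.get_payload().strip().splitlines()  # still base64, not decoded
        # Stay inside the first encoded line so the pattern never spans a line break.
        prefix = lines[0].strip()[:prefix_len] if lines else ""
        if len(prefix) <= 8 or not prefix.startswith(GIF_MAGIC_B64):
            continue  # too short to be specific, or not really a GIF
        if not re.fullmatch(r"[A-Za-z0-9+/=]+", prefix):
            continue  # not clean base64; do not build a regex from it
        # '+' is a regex quantifier and '/' is the rule's delimiter: escape both.
        pattern = re.sub(r"([+/])", r"\\\1", prefix)
        name = f"LOCAL_GIF_B64_{len(rules) + 1}"  # hypothetical rule name
        rules.append(
            f"{rule_type}  {name}  /{pattern}/\n"
            f"score    {name}  {score}\n"  # score is an assumed placeholder
            f"describe {name}  Base64 start of a known spam GIF"
        )
    return rules


if __name__ == "__main__":
    print("\n\n".join(gif_prefix_rules(SAMPLE)))
```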