Rise in Viagra spam

Martin Hepworth martinh at solid-state-logic.com
Thu Jul 27 13:49:46 IST 2006


Daniel Maher wrote:
> I added the following SA rules to help with those:
> 
> header          BADVIAGRA01     Subject =~ /.*\sV.*AGRA.*/
> score           BADVIAGRA01     10
> describe        BADVIAGRA01     Banned "viagra" subject (01)
> 
> header          BADVIAGRA02     Subject =~ /.*\sV.*AGGRA.*/
> score           BADVIAGRA02     10
> describe        BADVIAGRA02     Banned "viagra" subject (02)
> 
> header          BADVIAGRA03     Subject =~ /R[eE]:\s.*V.*AGRA.*/
> score           BADVIAGRA03     10
> describe        BADVIAGRA03     Banned "viagra" subject (03)
> 
> I haven't received any un-tagged spam of the sort since.
> 
> --
>   _
>  °v°  Daniel Maher
> /(_)\ Administrateur Système Unix
>  ^ ^  Unix System Administrator
>  
> Sentio aliquos togatos contra me conspirare.
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Garry Glendown
> Sent: Thursday, July 27, 2006 4:58 AM
> To: MailScanner discussion
> Subject: Rise in Viagra spam
> 
> Hi,
> 
> over the last couple days we've had a pretty drastic increase in Viagra 
> spam ... I have some (older) antidrug-cf and several Rules Du Jour 
> configs running, but scores are (though just barely) too low ... here's 
> a sample:
> 
> ---
> VlljAGRA from 3 , 35 $
> AMjBlIEN
> CIjALIlS from 3 , 75 $
> VAjLIlUM from 1 , 25 $
> ---
> 
> It has an ASCII and HTML version included, and also sports a piece of 
> random text from some literature ... spam scores usually look like this:
> 
> X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05,
> 	benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13,
> 	HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14)
> 
> though some have scored BAYES_60 ... (I already ran a couple dozen of 
> the spam mails through sa-learn, but that has not increased bayes enough 
> ...)
> 
> Anybody have a suggestion as to another Rules Du Jour set or something?
> 
> Thanks, -gg

I find this SARE rule very good:

http://www.rulesemporium.com/rules/70_sare_obfu.cf

-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
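
An added example (not part of the thread, and not taken from 70_sare_obfu.cf): a Python harness that runs the three Subject rules quoted above over constructed Subject values to show what they catch, miss and mis-tag before a 10-point score is attached. Treating the thread's sample line as a Subject, and the `TIGHTER` pattern, are assumptions of this example.

```python
import re

# The three Subject patterns exactly as posted in the quoted message.
# SpamAssassin's "=~" is an unanchored match, so re.search() is the equivalent.
POSTED = {
    "BADVIAGRA01": re.compile(r".*\sV.*AGRA.*"),
    "BADVIAGRA02": re.compile(r".*\sV.*AGGRA.*"),
    "BADVIAGRA03": re.compile(r"R[eE]:\s.*V.*AGRA.*"),
}
RULE_SCORE = 10.0   # "score BADVIAGRAnn 10" in the thread
REQUIRED = 5.0      # "benoetigt 5" in the quoted SpamCheck header

# Hypothetical tighter pattern (assumption of this example): the letters of
# the word in order, look-alikes for "i", optional punctuation between letters.
TIGHTER = re.compile(
    r"\bv[\W_]*[il1|!j]{1,4}[\W_]*[a@][\W_]*g+[\W_]*r[\W_]*a\b", re.I)


def hits(subject):
    """Names of the posted rules that fire on this Subject value."""
    return sorted(n for n, rx in POSTED.items() if rx.search(subject))


def tagged_by_rules_alone(subject):
    """True if the posted rules by themselves reach the required score."""
    return RULE_SCORE * len(hits(subject)) >= REQUIRED


def tighter_hit(subject):
    """True if the hypothetical tighter pattern fires on this Subject value."""
    return TIGHTER.search(subject) is not None


# Constructed Subject values; the first reuses the sample line from the thread.
SAMPLES = [
    "VlljAGRA from 3 , 35 $",
    "Re: VlljAGRA from 3 , 35 $",
    "Re: VIAGGRA",
    "New Venue: AGRA office",
    "Re: Visa for AGRA trip",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} posted={hits(s)} tagged={tagged_by_rules_alone(s)} "
              f"tighter={tighter_hit(s)}")
```

The posted patterns need whitespace (or `Re:`) before the `V` and are case-sensitive, so a Subject that begins with the obfuscated word is missed, while any Subject with a capital `V` word followed later by `AGRA` is tagged on that rule alone.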
