Rise in Viagra spam

Dimitri Yioulos dyioulos at firstbhph.com
Thu Jul 27 14:11:32 IST 2006 

On Thursday July 27 2006 8:49 am, Martin Hepworth wrote:
> Daniel Maher wrote:
> > I added the following SA rules to help with those:
> >
> > header          BADVIAGRA01     Subject =~ /.*\sV.*AGRA.*/
> > score           BADVIAGRA01     10
> > describe        BADVIAGRA01     Banned "viagra" subject (01)
> >
> > header          BADVIAGRA02     Subject =~ /.*\sV.*AGGRA.*/
> > score           BADVIAGRA02     10
> > describe        BADVIAGRA02     Banned "viagra" subject (02)
> >
> > header          BADVIAGRA03     Subject =~ /R[eE]:\s.*V.*AGRA.*/
> > score           BADVIAGRA03     10
> > describe        BADVIAGRA03     Banned "viagra" subject (03)
> >
> > I haven't received any un-tagged spam of the sort since.
> >
> > --
> >   _
> >  °v°  Daniel Maher
> > /(_)\ Administrateur Système Unix
> >  ^ ^  Unix System Administrator
> >
> > Sentio aliquos togatos contra me conspirare.
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> > Garry Glendown Sent: Thursday, July 27, 2006 4:58 AM
> > To: MailScanner discussion
> > Subject: Rise in Viagra spam
> >
> > Hi,
> >
> > over the last couple days we've had a pretty drastic increase in
> > Viagra spam ... I have some (older) antidrug-cf and several Rules
> > Du Jour configs running, but scores are (though just barely) too
> > low ... here's a sample:
> >
> > ---
> > VlljAGRA from 3 , 35 $
> > AMjBlIEN
> > CIjALIlS from 3 , 75 $
> > VAjLIlUM from 1 , 25 $
> > ---
> >
> > It has an ASCII and HTML version included, and also sports a
> > piece of random text from some literature ... spam scores usually
> > look like this:
> >
> > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin
> > (Wertung=4.05, benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14,
> > HTML_50_60 0.13, HTML_MESSAGE 0.00, URIBL_SBL 1.64,
> > URIBL_WS_SURBL 2.14)
> >
> > though some have scored BAYES_60 ... (I already ran a couple
> > dozen of the spam mails through sa-learn, but that has not
> > increased bayes enough ...)
> >
> > Anybody have a suggestion as to another Rules Du Jour set or
> > something?
> >
> > Thanks, -gg
>
> I find this SARE rule very good
>
> http://www.rulesemporium.com/rules/70_sare_obfu.cf
>
> --

Martin,

I have this rule in my setup, but it doesn't seem to tag much 
obfuscated spam, although our server receives its share of that type.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list