Missing new spam...
Martin.Hepworth
martinh at solidstatelogic.com
Tue Jan 30 10:25:24 CET 2007
Jay
I put in the following last night and it seems to be working fine....BTW
DCC is trapping SOME of these!
# 2007-01-24 new rules (adapted from Henrik Krohns
# <hege at stream.hege.li> on SA list) # http:// [user [:password] @]
# <legal uri characters> + <1 illegal char> + <legal chars> # + (<end of
uri> or
/ or ? or :<port>)
uri local_OBFUDOM
/https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9
._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,3
0}(?:$|\
/|\?|:[0-9])/i
describe local_OBFUDOM Domain contains illegal
characters
score local_OBFUDOM 1.1
body __obfdomreq1
/\b(?:remove|replace|substitute)\b/i
body __obfdomreq2
/(?:\bdomain\b|\baddress\b|"[^"]"|'[^']'
)/i
body __obfdomreq3 /\bImportant!/i
meta __obfudomreq (__obfdomreq1 + __obfdomreq2 +
__obfdomr
eq3) > 1
meta local_OBFDOMREQ (local_OBFUDOM && __obfudomreq)
describe local_OBFDOMREQ Request to modify obfuscated
domain
score local_OBFDOMREQ 3.1
watch out for newlines in the wrong place..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Jay Chandler
> Sent: 30 January 2007 02:15
> To: MailScanner discussion
> Subject: Missing new spam...
>
> Gotten a few of these:
>
> Hi,
>
> VI_zAGRA $3, 35
> VA_zLIUM $1, 20
> AM_zBIEN $2, 90
> CI_zALIS $3, 75
> XA_zNAX $1, 45
>
> http://www.tod*rx.com
>
> Remove "*" to make the link working!
>
>
> Has anyone written some custom rules to handle these yet?
>
> --
> Jay Chandler
> Network Administrator, Chapman University
> 714.628.7249 / chandler at chapman.edu
> Today's Excuse: Secretary sent chain letter to all 5000 employees.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
More information about the MailScanner
mailing list