Missing new spam...

Martin.Hepworth martinh at solidstatelogic.com
Tue Jan 30 10:25:24 CET 2007


Jay

I put in the following last night and it seems to be working fine....BTW
DCC is trapping SOME of these!

# 2007-01-24 new rules (adapted from Henrik Krohns
# <hege at stream.hege.li> on SA list) # http:// [user [:password] @]
# <legal uri characters> + <1 illegal char> + <legal chars> # + (<end of
uri> or
 / or ? or :<port>)
uri             local_OBFUDOM
/https?:\/\/([a-z0-9._\-]{1,30}(:[a-z0-9
._\-]{1,30})?\@)?[a-z0-9._\-]{1,30}[^a-z0-9._\-\/:'\[][a-z0-9._\-\@]{1,3
0}(?:$|\
/|\?|:[0-9])/i
describe        local_OBFUDOM           Domain contains illegal
characters
score   local_OBFUDOM           1.1

body            __obfdomreq1
/\b(?:remove|replace|substitute)\b/i
body            __obfdomreq2
/(?:\bdomain\b|\baddress\b|"[^"]"|'[^']'
)/i
body            __obfdomreq3            /\bImportant!/i
meta            __obfudomreq            (__obfdomreq1 + __obfdomreq2 +
__obfdomr
eq3) > 1
meta            local_OBFDOMREQ         (local_OBFUDOM && __obfudomreq)
describe        local_OBFDOMREQ         Request to modify obfuscated
domain
score   local_OBFDOMREQ         3.1

watch out for newlines in the wrong place..


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Jay Chandler
> Sent: 30 January 2007 02:15
> To: MailScanner discussion
> Subject: Missing new spam...
>
> Gotten a few of these:
>
> Hi,
>
> VI_zAGRA $3, 35
> VA_zLIUM $1, 20
> AM_zBIEN $2, 90
> CI_zALIS $3, 75
> XA_zNAX  $1, 45
>
> http://www.tod*rx.com
>
> Remove "*" to make the link working!
>
>
> Has anyone written some custom rules to handle these yet?
>
> --
> Jay Chandler
> Network Administrator, Chapman University
> 714.628.7249 / chandler at chapman.edu
> Today's Excuse: Secretary sent chain letter to all 5000 employees.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.

Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 

Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************



More information about the MailScanner mailing list