Any rule for this type of spam
Matt Kettler
mkettler at evi-inc.com
Thu Sep 20 16:49:54 IST 2007
Gareth wrote:
> Does anyone have a rule or a suggestion for this type of spam email. Its
> the only one which occasionally makes it past our spam checks.
>
>
> ------------------------------------------------------------------------
>
> Subject:
> +.).:[ +.-(:[[()+ +.*)+.)
For what it's worth, I've got a couple rules I wrote that will detect this kind
of "garbage subject".
However, they're not well tested, so I'd advise not cranking up the scores until
you're sure they don't cause problems.
L_SUBJ_15NONWORDS might FP on some emails with a lot of !'s in them, but 15 in a
row is a LOT.
L_SUBJ_NOWORDS might FP on emails with stupid subject lines that real people
occasionally use, such as "...", so I'd be more careful with this one.
header L_SUBJ_15NONWORDS Subject =~/\W{15}/
describe L_SUBJ_15NONWORDS Subject has 15 consecutive non-word characters
score L_SUBJ_15NONWORDS 0.5
header __L_SUBJ_NOWORDS Subject !~ /[a-zA-Z0-9]/
header __L_SUBJ_NONEMPTY Subject =~ /./
meta L_SUBJ_NOWORDS (__L_SUBJ_NOWORDS && __L_SUBJ_NONEMPTY)
describe L_SUBJ_NOWORDS Subject has no word chars and is nonempty
score L_SUBJ_NOWORDS 0.5
More information about the MailScanner
mailing list