Tiny text only spam (semi OT)

Alessandro Bianchi alex at skynet-srl.com
Sat Jul 4 14:03:10 IST 2009


>
> I believe that I have also been greatly troubled by the same 
> messages.  The common thread to these messages is what I call an 
> obfucated URL where the URL has spaces in multiple places.  I created 
> a cf file in /etc/mail/spmassassin directory and wrote my first 
> spamassassin rule.  It might not be the best but it is working for 
> me.  Basically, the rule matches a URL that starts with www.  followed 
> by a space followed by some text ending in a period like pill45. 
> followed by another space then a TLD like com, net or org.  I started 
> with a small score for testing but have significantly raised the score 
> to 4.5 now.
> # Rule to find URLs with spaces
> body            ASDM_OBF_URL           /www\.\s(.+?)\s[A-Za-z]{2,4}/i
> score           ASDM_OBF_URL           4.5
> describe        ASDM_OBF_URL           URLs with spaces
> I haven't seen any false positives yet.
> Gary Faith

Gary

That looks good.

Unofficiall signs didn't helo too much till now, but IMO this rule may 
break them down

> The Botnet plugin for Spamassassin gets almost all of these.
>    
Mark, I'll try this if the rule don't works as expected.

Thank you to all

Best regards

Alessandro Bianchi
-- 


*SKYNET S.r.l.* - *Piazza XXV Aprile 14 - 28021 Borgomanero (No)*


*tel. +39 0322-836487/834765 - fax +39 0322-836608 - www.skynet-srl.com*



Autorizzazione Ministeriale n.197


Le informazioni contenute in questo messaggio sono riservate e 
confidenziali ed è vietata la diffusione in qualunque modo eseguita. 
Qualora Lei non fosse la persona a cui il presente messaggio è 
destinato, La invitiamo ad eliminarlo e a non leggerlo, dandocene 
gentilmente comunicazione. Per qualsiasi informazione si prega di 
contattare (e-mail dell'azienda). Rif. D.L. 196/2003

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090704/9be856a8/attachment.html


More information about the MailScanner mailing list