Tiny text only spam (semi OT)

--[ UxBoD ]-- uxbod at splatnix.net
Sun Jul 12 15:18:38 IST 2009

----- "Bernard Lheureux" <bernard.lheureux at bbsoft4.org> wrote:

> Alessandro Bianchi wrote:
> Gosh, they found the way to bypass this rule:
> I received these this night (2 different messages containig this):
> in the 1st: Can Exercise Bodost Your sex rDive?.www .za16. com
> in the 2nd: Save oYur Relationship With These Amazing Secerts:
> www,nu26,com
> Has anyone a solution to avoid these kind of spams ?

body            URI_OBFU_XX99_WS      /\bwww(?:\s\W?\s?|\W\s?)\w{1,15}\d{1,10}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
describe        URI_OBFU_XX99_WS      Space-obfuscated xxx999 URI
score           URI_OBFU_XX99_WS      2.0

body            __MED_BEG_SP          /\bw{2,3}[[:space:]][[:alpha:]]{2,6}\d{2,6}\b/i
body            __MED_BEG_PUNCT       /\bw{2,3}[[:punct:]]{1,3}[[:alpha:]]{2,6}\d{2,6}\b/i
body            __MED_BEG_DOT         /\bw{2,3}\.[[:alpha:]]{2,6}\d{2,6}\b/i
body            __MED_BEG_BOTH        /\bw{2,3}[[:punct:][:space:]]{2,5}[[:alpha:]]{2,6}\d{2,6}\b/i
body            __MED_END_SP          /\b[[:alpha:]]{2,6}\d{2,6}[[:space:]](?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body            __MED_END_PUNCT       /\b[[:alpha:]]{2,6}\d{2,6}[[:punct:]]{1,3}(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body            __MED_END_DOT         /\b[[:alpha:]]{2,6}\d{2,6}\.(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body            __MED_END_BOTH        /\b[[:alpha:]]{2,6}\d{2,6}[[:punct:][:space:]]{2,5}(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i

meta            AE_MED42              (__MED_BEG_SP || __MED_BEG_PUNCT || __MED_BEG_DOT || __MED_BEG_BOTH ) && (__MED_END_SP || __MED_END_PUNCT || __MED_END_DOT || __MED_END_BOTH) && ! (__MED_BEG_DOT && __MED_END_DOT )
describe        AE_MED42              rule to catch still more spam obfuscation
score           AE_MED42              2.0

I would highly recommend joining the knowledgeable people on the SpamAssassin list aswell :)

Best Regards,

SplatNIX IT Services :: Innovation through collaboration

More information about the MailScanner mailing list