<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 77.95pt 1.0in 77.95pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>-----Original Message-----</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>From:
mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>bounces@lists.mailscanner.info] On
Behalf Of Burak Ueda</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>Sent: January 29, 2007 11:23 PM</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>To: MailScanner discussion</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font>Subject: {Spam?} Re: Missing new
spam...</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> Hi,</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> wrote some set of rules for this.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> I am an absolute beginner in both writing SA
rules, and using regular</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> expressions.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> I am continuously checking it for few days now,
and it seems to be</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> working.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> But I'd love to hear some comments from
experienced users. Here are the</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> rules:</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> http://burakueda.com/text/drugrules.txt</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> Jay Chandler wrote:</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > Gotten a few of these:</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > Hi,</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > VI_zAGRA $3, 35</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > VA_zLIUM $1, 20</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > AM_zBIEN $2, 90</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > CI_zALIS $3, 75</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > XA_zNAX $1, 45</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > http://www.tod*rx.com</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > Remove "*" to make the link
working!</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> > Has anyone written some custom rules to
handle these yet?</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-CA
style='font-size:10.0pt'>> ></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>Consider:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'># every rule has a
"clean" counter-part, since these are legitimate words
individually...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMVIAG01 /v[il1t]{0,1}.{0,2}a.{0,2}g{1,2}.{0,2}a{0,1}.{0,2}ra/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body __UBI_PHARMVIAG02
/viagra/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMAMBI01 /am.{0,2}b.{0,2}[il1].{0,2}en/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMAMBI02 /ambien/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMCIAL01 /c[il1].{0,2}a.{0,2}l[il1]s/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body __UBI_PHARMCIAL02
/cialis/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMVALI01 /va.{0,2}l.{0,2}[il1]um/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>body
__UBI_PHARMVALI02 /valium/i<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'># counter-rules to balance
"clean" hits...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'>meta
UBI_PHARMVIAGRA ( __UBI_PHARMVIAG01 && ! </span><span
lang=EN-CA>__UBI_PHARMVIAG02 )<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>score
UBI_PHARMVIAGRA 6<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>describe
UBI_PHARMVIAGRA Obfuscated Viagra string<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>#etc...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>I prefer {0,1} to ?, simply
because it "feels" more precise, but both work (obviously).<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'>--<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'> _<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'> °v° Daniel Maher<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'>/(_)\ Administrateur Système
Unix<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=FR-CA style='font-size:10.0pt;color:black'> </span><span lang=EN-CA>^ ^
Unix System Administrator<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'> <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 color=black face="Courier New"><span
lang=EN-CA style='font-size:10.0pt;color:black'>Four elements!<o:p></o:p></span></font></p>
</div>
</body>
</html>