I've been seeing a bunch of spam getting through my filter recently, and
they all have the same thing in common: an underscore at the beginning
of the "From" and/or "Subject" lines. This should be really easy to pick
up with bombHeaderRe, but something's not working.
Here's an example of the spam I'm seeing:
From:_Male Health <support-team_0rk47mtncmz9bfpalcklzzn...@offer.market.ca>
Subject:_Size matters and we can help
Sometimes there is a space in between the colon and the underscore,
usually there is not.
Here is the regex I added to my bombHeaderRe:
From\:.*\_=>60
Subject\:.*\_=>60
However, I quickly realized that this was tagging EVERY email coming
through the server! For instance, here's an email:
From: Readly <rea...@news.readly.com>
And looking at mail analysis, it's being caught by this regex, even
though there is no underscore:
BombHeader RE: 'highest match: "(matchlength:84) From: Readly
<readly@news.readly" with valence: 60 - PB value = 60'
matching bombHeaderRe(file:files/bombheaderre.txt[line 188]): 'From\:.*_'
Any idea what's going wrong and causing this?
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
