Re: Babes in blue spam

2010-10-13 Thread mdunlap
Thanks Karsten, I am a bit new to this so I do apologize. Here is a link
to one of the offending emails, http://drop.io/xf2ict5/asset/spam
When I try to have the Bayesian filter learn from spam in the terminal and
was to run "sa-learn --spam RANDOM_SPAM_MESSAGE" it would output as:

"Learned tokens from 1 message(s) (1 message(s) examined)"

However with the spam from (¯`·._..babes_in_blue^(TM).._.·´¯) it outputs:

"Learned tokens from 0 message(s) (0 message(s) examined)"

Which leads me to believe it is not even recognizing the input as a mail
message so something is causing it to quit prematurely. My first hunch was
that something to to with the characters in the Subject line might have
something to do with it, because the characters "(¯`·._." and
"^(TM).._.·´¯)" show up garbled in emacs or a similar reader.


On Tue, 12 Oct 2010 23:01:07 +0200, Karsten Bräckelmann
 wrote:
> On Tue, 2010-10-12 at 15:09 -0500, mdunlap wrote:
>> I've had problems sa-learning some particular emails that have some
ASCII
>> escape characters, I've been getting this email that passes right
through
>> the filter Subject: (¯`·._..babes_in_blue^(TM).._.·´¯) sa-learn won't
>> recognize it as an actual email message, I'm pretty sure these
characters
>> "(¯`·._.." are escaping it some how. Any ideas? These spammers have
>> found a
>> way to bypass spam detection because spam assassin wont even recognize
>> it.
>> Can you guys make any sense of it?
> 
> Err, those are not "escape characters". They are characters.
> 
> What do you mean exactly, "sa-learn won't recognize it as an actual
> message"? Please elaborate. And no, I believe "spammers have found a way
> to bypass spam detection" to not be true. Anyway, more details and
> evidence, please.
> 
> Plus, please put a sample somewhere we can download it, and post the
> link. A *raw* message, including all headers [1]. Yes, also the SA
> headers.
> 
> 
>> HERE is the header and part of the message
>> Sorry for the long message
> 
> Please do NOT send spam to the list.
> 
> 
> [1] If need be, you can mask domain names by using example.com instead.


Escape characters passing spam through

2010-09-02 Thread mdunlap
I've had problems sa-learning some particular emails that have some 
ASCII escape characters, I've been getting this email that passes right 
through the filter Subject: (¯`·._..babes_in_blue^(TM).._.·´¯)
sa-learn won't recognize it as a message scanned, I'm pretty sure these 
characters "(¯`·._.." are escaping it some how. Any ideas?