Re: Rule for this kind of spam?

2007-08-21 Thread John Andersen
On Monday 20 August 2007, Rob McEwen wrote:
 In one of these cases, the message contains ONLY letters and numbers... all
 other spaces, line breaks, and punctuation have been removed. Even
 underscores are removed.

Have you considered the opposite?
Removing all letters, numbers and spaces, leaving only
punctuation and line breaks?

It's very rare to have valid sentences composed of lines with more 
than, say, 4 or 5 punctuation marks per line.

I wonder if one could develop a rule around bodies composed of
more than, say, X number of excessively punctuated lines.


-- 
John Andersen


Rule for this kind of spam?

2007-08-20 Thread Mike Yrabedra


Anyone have a rule that will kill this type of spam?

 H,E_R-E WE GO A'GAIN!
 T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
 T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!
 Ti ck: E-X M'T 
 5--day po.tentia'l: 0.._4+0
 Fir_m: EXCHA'*NGE M OBILE T,E.L+E (.Other O'T_C : EX'MT.PK)
 A's.k*: 0_.'1 0 ( .+25.00%) UP TO 2-5*% in 1 day
 N'o+t o+n-l_y d-o e's t+h i.s f+i-r_m h+a*v+e gr,eat fundamen,ta_ls,
 b+u+t gettin_g t h*i.s oppor+tu+nity at t+h+e rig*ht t_i,m_e ,


It gets a score of 4, not 5


-- 
Mike Yrabedra B^)





Re: Rule for this kind of spam?

2007-08-20 Thread Loren Wilton

 Anyone have a rule that will kill this type of spam?

 H,E_R-E WE GO A'GAIN!
 T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
 T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!


As others have mentioned, chickenpox.cf.  Available in the other rules 
section at rulesemporium.


   Loren




Re: Rule for this kind of spam?

2007-08-20 Thread Rob McEwen

 Anyone have a rule that will kill this type of spam?

 H,E_R-E WE GO A'GAIN!
 T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
 T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!

 As others have mentioned, chickenpox.cf.  Available in the other rules 
 section at rulesemporium.


Here is another way:

Most of my spam filtering is my own custom-written program... and I use SA 
more as a helper application... but in my own programming, I have a feature 
where I strip down the message in various ways where rules can be 
applied to those versions of the message instead of the original message.


In one of these cases, the message contains ONLY letters and numbers... all 
other spaces, line breaks, and punctuation have been removed. Even 
underscores are removed. I also convert the message to lowercase. Therefore, 
for this series of spams, I simply search on what I call my 
text_packed_lowercase version of the message using an exact match (no 
regex needed!)... on the following three phrases:


thebigonebeforethe
herewegoagain
themarketisaboutto

Then when ALL three match, my rule triggers and I'm catching (I think?) all 
of these without any chance for a FP. So far, I haven't seen this rule miss 
any of this series.


Perhaps there is some equivalent functionality in SA?

Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
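
The two ideas in this thread, the packed-lowercase exact match described in the post above and the punctuation-per-line count suggested in John Andersen's reply, sketched as an added Python example. It is not code from any poster and not SpamAssassin rule syntax; the function names, the ASCII-only packing, the thresholds (4 marks per line, more than 2 such lines) and the HAM text are assumptions, while SPAM is the sample quoted in the thread.

```python
import re
import string

# The three phrases listed in the post above.
PHRASES = ("thebigonebeforethe", "herewegoagain", "themarketisaboutto")

def text_packed_lowercase(body):
    """Lowercase the body and keep only ASCII letters and digits; spaces,
    line breaks, punctuation and underscores are all dropped (assumed ASCII)."""
    return re.sub(r"[^a-z0-9]", "", body.lower())

def packed_rule_hits(body, phrases=PHRASES):
    """True only when ALL phrases occur in the packed text (plain substring match)."""
    packed = text_packed_lowercase(body)
    return all(p in packed for p in phrases)

def punctuated_lines(body, max_per_line=4):
    """Count lines carrying more than max_per_line punctuation characters."""
    punct = set(string.punctuation)
    return sum(1 for line in body.splitlines()
               if sum(ch in punct for ch in line) > max_per_line)

def punctuation_rule_hits(body, max_per_line=4, x_lines=2):
    """True when more than x_lines lines are excessively punctuated."""
    return punctuated_lines(body, max_per_line) > x_lines

# Sample quoted in the thread.
SPAM = """H,E_R-E WE GO A'GAIN!
T.H-E B'I'G O N*E BEFO RE T*H*E SEPTEMBE_+R.RALLY!
T_H'E MAR KET IS A BOUT TO P'O-P_, A N D SO IS E,X+M*T,!"""

# Constructed legitimate message that happens to share one phrase.
HAM = """Here we go again, the market report is attached.
See you on Monday!"""

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("ham", HAM)):
        print(name, "packed:", packed_rule_hits(body),
              "punctuated lines:", punctuated_lines(body),
              "punctuation rule:", punctuation_rule_hits(body))
```

Packing removes word boundaries, so a single short phrase can match inside ordinary mail (HAM contains "herewegoagain"); requiring every phrase is what keeps the match specific to this campaign.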



Re: Rule for this kind of spam?

2007-08-20 Thread John D. Hardin
On Mon, 20 Aug 2007, Rob McEwen wrote:

 In one of these cases, the message contains ONLY letters and numbers... all 
 other spaces, line breaks, and punctuation have been removed. Even 
 underscores are removed. I also convert the message to lowercase.

 Perhaps there is some equivalent functionality in SA?

If not, there ought to be! :)

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...in the 2nd amendment the right to arms clause means you have
  the right to choose how many arms you want, and the militia clause
  means that Congress can punish you if the answer is none. 
-- David Hardy, 2nd Amendment scholar
---
 5 days until The 1928th anniversary of the destruction of Pompeii