Re: anyone collecting French 419 scams?

2009-10-19 Thread John Wilcock

I'd be happy to see them. I'm working on updating the Advance Fee 419
ruleset and your samples would be welcome. Feel free to gzip up a mbox
and send it to me.


I have a ruleset at http://www.tradoc.fr/spamassassin/fraude_fr.cf that, 
while it hasn't been actively updated for a while, still hits a few 
"classic" Nigerian scams in French. Some of its subtests hit on Dan's 
sample, but not enough to trigger the meta rule...


John.

--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages- www.tradoc.fr


Re: anyone collecting French 419 scams?

2009-10-19 Thread John Hardin

On Mon, 19 Oct 2009, McDonald, Dan wrote:


http://pastebin.com/m693d3d17


One thing that leaps right out at me is the encoded characters (e.g. 
เ) in a text/plain body part. Does tis-620 provide for that?


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Think Microsoft cares about your needs at all?
  "A company wanted to hold off on upgrading Microsoft Office for a
  year in order to do other projects. So Microsoft gave a 'free' copy
  of the new Office to the CEO -- a copy that of course generated
  errors for anyone else in the firm reading his documents. The CEO
  got tired of getting the 'please re-send in XX format' so he
  ordered other projects put on hold and the Office upgrade to be top
  priority."-- Cringely, 4/8/2004
---
 18 days since a sunspot last seen - EPA blames CO2 emissions


Re: anyone collecting French 419 scams?

2009-10-19 Thread John Hardin

On Mon, 19 Oct 2009, McDonald, Dan wrote:


Lately, a few 419 scams have been slipping through to me, written in
French - I get two or three a week.  It's sort of amusing to me, but
wondered if anyone is collecting them to write rules.

X-Spam-Status: No, score=4 tagged_above=-999 required=4.5
tests=[BOTNET_SOHO=-0.1, L_P0F_UNKN=0.8, RAZOR2_CHECK=0.5,
UNWANTED_LANGUAGE_BODY=2.8]

http://pastebin.com/m693d3d17


I'd be happy to see them. I'm working on updating the Advance Fee 419 
ruleset and your samples would be welcome. Feel free to gzip up a mbox and 
send it to me.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Think Microsoft cares about your needs at all?
  "A company wanted to hold off on upgrading Microsoft Office for a
  year in order to do other projects. So Microsoft gave a 'free' copy
  of the new Office to the CEO -- a copy that of course generated
  errors for anyone else in the firm reading his documents. The CEO
  got tired of getting the 'please re-send in XX format' so he
  ordered other projects put on hold and the Office upgrade to be top
  priority."-- Cringely, 4/8/2004
---
 18 days since a sunspot last seen - EPA blames CO2 emissions


anyone collecting French 419 scams?

2009-10-19 Thread McDonald, Dan
Lately, a few 419 scams have been slipping through to me, written in
French - I get two or three a week.  It's sort of amusing to me, but
wondered if anyone is collecting them to write rules.

X-Spam-Status: No, score=4 tagged_above=-999 required=4.5
 tests=[BOTNET_SOHO=-0.1, L_P0F_UNKN=0.8, RAZOR2_CHECK=0.5,
 UNWANTED_LANGUAGE_BODY=2.8]

http://pastebin.com/m693d3d17


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com


signature.asc
Description: This is a digitally signed message part