> Is it a new spammer trick (base64 body with URL base64
> representation splitted across several lines) ?
It could be, but I suspect it's simply a coincidence. base64 encoding is normally done
with a forced line length for the encoded data, and it has allways been this way. When
decoding bas
; From: Brian Sneddon [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 31, 2003 12:14 PM
> To: 'Jennifer Wheeler'; 'Chris Santerre'
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Rule to block Paris Hilton spam
>
> Wont that \n at the end of th
Wont that \n at the end of the regex match virtually ALL mail?
Brian
-Original Message-
From: Jennifer Wheeler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 31, 2003 12:06 PM
To: 'Chris Santerre'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Rule to block Paris Hilton sp
hilton_b64 .03
good goin peeps! :)
Jennifer
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-
> [EMAIL PROTECTED] On Behalf Of Chris Santerre
> Sent: Wednesday, December 31, 2003 11:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Rule to block Paris H
: 'Stephane Lentz'
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Rule to block Paris Hilton spam
>
>
> Ok, this didn't work overnight. However I did receive spam
> with the exact
> first base64 pattern in it. So I think it is just a problem
> with raw
Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 29, 2003 5:27 PM
> To: 'Stephane Lentz'; Chris Thielen
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Rule to block Paris Hilton spam
>
>
> I offer this in UNTESTED
hilton_b64 .01
> -Original Message-
> From: Stephane Lentz [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 29, 2003 5:14 PM
> To: Chris Thielen
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Rule to block Paris Hilton spam
>
>
> Hi again,
>
> On Mon,
Hi again,
On Mon, Dec 29, 2003 at 01:41:17PM -0600, Chris Thielen wrote:
> Stephane Lentz said:
> > => Thanks for the info. Two samples of such spam are now available at
> > http://milter.free.fr/spam/ (hilton-sample1.txt & hilton-sample2.txt
> > files)
>
> Stephane,
>
> I glanced at the spamas
Stephane Lentz said:
> => Thanks for the info. Two samples of such spam are now available at
> http://milter.free.fr/spam/ (hilton-sample1.txt & hilton-sample2.txt
> files)
Stephane,
I glanced at the spamassassin source just now. I may be wrong, but it
appears that the URI tests only matches on
Hi Chris,
On Mon, Dec 29, 2003 at 09:58:33AM -0600, Chris Thielen wrote:
> Stephane Lentz said:
> > Hi,
> >
> > it seems that there are many spam lately offering to view the
> > Paris Hilton video.
> > I tried to devise a rule to spot such spam but with no success
> > (either with 2.55 or 2.60 -
Stephane Lentz said:
> Hi,
>
> it seems that there are many spam lately offering to view the
> Paris Hilton video.
> I tried to devise a rule to spot such spam but with no success
> (either with 2.55 or 2.60 - upgrade to 2.61 planned)
> Full spam message with headers available if needed.
Please
Hi,
it seems that there are many spam lately offering to view the
Paris Hilton video.
I tried to devise a rule to spot such spam but with no success
(either with 2.55 or 2.60 - upgrade to 2.61 planned)
Anybody came up with some solution ?
My rule was :
uri LOCAL_HILTON /special-selections\.co
12 matches
Mail list logo
