> -Original Message-
> From: David B Funk [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 11, 2003 12:38 PM
> To: Chris Santerre
> Cc: Spamassassin-Talk (E-mail)
> Subject: RE: [SAtalk] tricky spam
>
>
> On Fri, 11 Jul 2003, Chris Santerre wrote:
> >
On Fri, 11 Jul 2003, Chris Santerre wrote:
>
> Usually write it like, /(f|ph)ot0|(f|ph)0to/i
>
Minor perl technicality, use the 'non rembering' version of the
grouping operator, (?: ... ). As you probably aren't going to
interpolate the match in a backreference, don't waste the CPU and
memory to '
Hi, i'm using Razor, but not DCC or RBLs. Razor said nothing about it.
Thanks for the answers list. :)
German
- Original Message -
From: "Jim Ford" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 10, 2003 4:55 PM
Subject: Re: [SAtalk] tricky
> -Original Message-
> From: David B Funk [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 6:15 PM
> To: Chris Santerre
> Cc: 'German Staltari'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] tricky spam
>
>
> On Thu, 10 Jul 2003, Chris Santer
Chr. von Stuckrad wrote:
Or is there something causing me to only use 'ored' strings?
Yours is Posix, Matt's is Perl/PCRE.
Best,
Tony
--
Tony Earnshaw
I love the music of Wagner. The only sound that
pleases me more is that of a cat outside my 9th
floor window, trying to cling to the glass with
On Thu, 10 Jul 2003, Chris Santerre wrote:
>
>
> I had a rule note on this from before. Haven't got to it yet. Basicaly
> because of the FP rate. I'm going to write a few quick rules that look for
> letterzeroletter and letter1letter. You can see why the FP rate would be
> high. But I would score
Hallo,
> > Hi, i've attahced a very tricky SPAM mail that has been
> > scored with 0.8
> > points, what can be done with this kind of SPAM?.
> > Thanks
> > German
> >
> It is easy to write a rule for some of the better knowns ones like
> /(f|ph)(o|0)t(o|0)/i
> but with all the ways of doing OBFU i
On Thu, Jul 10, 2003 at 01:54:07PM -0400, Matt Kettler wrote:
> body LOCAL_SHOCKING_PHOTOS /\bsh(?:0|o)c(?:1|i)ng ph(?:0|o)t(?:0|o)(?:s|z)/i
Did I miss something in the docs?
I'd have written this (witch char classes) as:
body LOCAL_SHOCKING_PHOTOS /\bsh[0o]ck[1i]ng ph[0o]t[0o][sz]/i
(by the wa
Hi, i've attahced a very tricky SPAM mail that has been scored with 0.8
points, what can be done with this kind of SPAM?.
Thanks
German
Bueno, primero que nada, por fin aparece otro argentino en la lista! Ya
creía que era el único que tiraba para estos lados...
Segundo, dále al sa-learn sobre el m
> On Thu, Jul 10, 2003 at 11:53:01AM -0300, German Staltari wrote:
> > Hi, i've attahced a very tricky SPAM mail that has been scored with 0.8
> > points, what can be done with this kind of SPAM?.
I see you're not using Razor, DCC or RBLs. I'll bet if you had it would've
been hit hard - they make
At 11:53 AM 7/10/2003 -0300, German Staltari wrote:
Hi, i've attahced a very tricky SPAM mail that has been scored with 0.8
points, what can be done with this kind of SPAM?.
Thanks
German
This kind of spam is admittedly very well suited to bayes, as someone else
already noted, but there are rules
> -Original Message-
> From: German Staltari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 10:53 AM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] tricky spam
>
>
> Hi, i've attahced a very tricky SPAM mail that has been
> scored with 0.8
> points, what can be done with this k
I like to make lots of custom rules (I gratifying watching how effective they can be).
I have several that I update with porn words that spammers try to be clever with. In
your case:
body CLEVER_P0RN/(?:sexua1|0rgies|ph0t0s|sch00l)/i
Notice that they use one's for the letter L, zero's
On Thu, Jul 10, 2003 at 11:53:01AM -0300, German Staltari wrote:
> Hi, i've attahced a very tricky SPAM mail that has been scored with 0.8
> points, what can be done with this kind of SPAM?.
First and foremost, you can feed it to the Bayesian classifier as spam
using sa-learn. That will cause all
14 matches
Mail list logo