-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Abigail,

Tuesday, June 17, 2003, 10:41:46 PM, you wrote:

AM> The reason the spam in your case bypassed SA but got caught
AM> when you had others run it is here:

>>  X-Spam-Status: No, hits=3.3 required=9.0
>>          tests=BASE64_ENC_TEXT, ...
>>          version=2.54

AM> What this means is that the text itself in the email was
AM> encoded, so SA couldn't read it - instead, SA could only
AM> read the information in the headers and assign a score
AM> based on that.

Ah!  Thanks.

AM> The easiest thing for you to do is to assign a much higher
AM> score to the BASE64_ENC_TEXT test in your local.cf file.
AM> I've never seen a legit email containing Base 64 encoded
AM> test, though it's possible that in certain contexts it could
AM> be done - but for the most part it's a spam trick and you are
AM> safe to assign that test a very high score.

Checking my corpus, 4.5k spam and 10k ham, for all emails where SA
identified this BASE64_ENC_TEXT situation, I find 271 hits, one in a
response from Microsoft technical support, one in a marketing ham from
Asia (valid email directed to someone who does buy full containers of
building materials from Asia), one in a marketing ham from a shirt
manufacturer (valid: I sent them email inquiring about their products),
two others that are questionable, and the rest spam.

Of those, the Asian ham scored 6 of 9:
X-Spam-Status: No, hits=6.0 required=9.0
        tests=BASE64_ENC_TEXT,DEAR_SOMETHING,WE_PROMISE_YOU
        version=2.54
and two others scored above 4.5, so I don't want to bump BASE64_ENC_TEXT
too much higher...

But thanks again.  At least I have something I can work with.

Bob Menschel

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPvBwl5ebK8E4qh1HEQKhawCfaXeU4D39DhLNpPFL7xVU8zIR6ZQAoODd
fhNHSUyuJIUyYm393ZRExfTZ
=7uuk
-----END PGP SIGNATURE-----
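
Added example, not part of the original message or of SpamAssassin itself: a Python sketch of the corpus check described above. It reads the X-Spam-Status header already stamped on each mail and counts how many ham and spam verdicts would flip if one rule scored `delta` points more. The sample messages, addresses and HYPOTHETICAL_RULE are constructed; the function names are this example's own.

```python
import email
import re

# Matches the 2.5x-style header shown in the message above.
STATUS_RE = re.compile(
    r"^(?:Yes|No),\s*hits=(-?[\d.]+)\s+required=(-?[\d.]+)"
    r"\s+tests=(.*?)\s+version=\S+")

def parse_status(raw_message):
    """Return (hits, required, set_of_tests) from X-Spam-Status, or None."""
    value = email.message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    m = STATUS_RE.match(" ".join(value.split()))  # undo header folding
    if m is None:
        return None
    tests = {t.strip() for t in m.group(3).split(",") if t.strip()}
    return float(m.group(1)), float(m.group(2)), tests

def what_if(corpus, rule, delta):
    """corpus: iterable of (is_spam, raw_message) pairs, hand-sorted.
    Count mails that hit `rule` and would cross the threshold if the
    rule scored `delta` more than it did when the mail was scanned."""
    out = {"rule_hits": 0, "ham_newly_flagged": 0, "spam_newly_caught": 0}
    for is_spam, raw in corpus:
        parsed = parse_status(raw)
        if parsed is None or rule not in parsed[2]:
            continue
        hits, required, _ = parsed
        out["rule_hits"] += 1
        if hits < required <= hits + delta:  # flagged when hits >= required
            out["spam_newly_caught" if is_spam else "ham_newly_flagged"] += 1
    return out

def _msg(status):
    # Constructed minimal message carrying only the header under study.
    return "From: a@example.com\nX-Spam-Status: " + status + "\n\nbody\n"

# Constructed corpus; the first entry mirrors the 6.0-of-9.0 ham quoted above.
SAMPLE = [
    (False, _msg("No, hits=6.0 required=9.0\n\ttests=BASE64_ENC_TEXT,"
                 "DEAR_SOMETHING,WE_PROMISE_YOU\n\tversion=2.54")),
    (True, _msg("No, hits=5.5 required=9.0\n\ttests=BASE64_ENC_TEXT,\n"
                "\tHYPOTHETICAL_RULE\n\tversion=2.54")),
    (False, _msg("No, hits=1.2 required=9.0 tests=DEAR_SOMETHING version=2.54")),
    (True, "From: b@example.com\n\nno status header\n"),
]

if __name__ == "__main__":
    for delta in (1.0, 3.0, 4.0):
        print(delta, what_if(SAMPLE, "BASE64_ENC_TEXT", delta))
```

On this constructed sample a +3.0 bump flags the 6.0 ham while the 5.5 spam still passes, which is the trade-off the reply is weighing.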




_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
