Hey Mike,
> -----Original Message-----
> From: MIKE YRABEDRA
> Sent: Wednesday, November 19, 2003 8:55 AM
> To: SPAMASSASSIN
> Subject: Re: [SAtalk] <font color="#FFFFFF">
>
>
> on 11/17/03 3:13 PM, Michael Weber at [EMAIL PROTECTED] wrote:
>
> > I've had a rule filtering out that font color for several
>
> > months with no complaints. I tag it with the description "Spammers
> > favorite color"
> > ;-)
>
>
> Is this the proper way to do this?
>
> body WHITE_FONT /font color=\"#ffffff\"/i
> describe WHITE_FONT Uses White Font Tag
> score WHITE_FONT 5.000
The body check will preprocess the message and remove the HTML tags. I
would suggest the rawbody test. My test looks like:
describe MY_RBDY_INVSTXT MY: Invisible text color
rawbody MY_RBDY_INVSTXT /<font\s?.*
color=("?\#?FFFFF[0-9A-F]"?|"?white"?).*>/i
score MY_RBDY_INVSTXT 2.0
The class [0-9A-F] will catch a spammer trying to obfuscate the white font
with near white shades.
I don't know if the rawbody line will wrap or not. Outlook tends to munge
long lines. There should be *no* wraps (line breaks) in the lines.
This test will produce minor FPs on some solicited advertising like
Travelocity.com notifications and the like. It will also produce some FPs
on some of those usless jokes relatives tend to send. ;) Sometimes they
will use something like a blue background with white lettering. However,
the FPs on the test occur no where near as often as spam.
A great source for rules is:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
--Larry
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
