Mmmm.... MY_SHRT_IMG is another one of my spawns :) I love that one! I have added this domain to the next bigevil update. Which is hopefully tomorrow. But I find it interesting that lisahomepage.com is similar to another I added today, jameshomepage.com . They look like the same thing.
--Chris > -----Original Message----- > From: Bob George [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 31, 2004 2:38 PM > To: [EMAIL PROTECTED] > Subject: Re: How to stop HTML Porn emails? > > > Greg Cirino - Cirelle Enterprises wrote: > > > I think you have stumbled across the spam that renders all filters > > useless > > Mere filters? Yes. But here, we use SPAMASSASSIN (queue > superman theme). > > It hit 10.0 here, even without bigevil: > > > Content analysis details: (10.0 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > -------------------------------------------------- > > 2.0 FROM_NO_LOWER 'From' has no lower-case characters > > -0.0 BAYES_44 BODY: Bayesian spam probability > is 44 to 50% > > [score: 0.4995] > > 0.1 HTML_MESSAGE BODY: HTML included in message > > 0.3 MIME_HTML_ONLY BODY: Message only has > text/html MIME parts > > 0.8 MY_SHRT_IMG BODY: 1-3 letter gif or jpeg in url. > > 1.5 BIZ_TLD URI: Contains a URL in the BIZ > top-level domain > > 1.6 HEADER_COUNT_CTYPE Multiple Content-Type headers found > > 1.1 MIME_HTML_ONLY_MULTI Multipart message only has > text/html MIME parts > > 2.5 INVALID_MSGID Message-Id is not valid, > according to RFC 2822 > > MY_SHRT_IMG is from coding_html.cf. Others are all stock 2.63 > as shipped > with debian (testing.) Even if the message was mangled somewhat as > posted, I'd still expect it to hit > 5.0. > > This one evaded all of my bayes, but SA caught it just fine. Off to > training! > > - Bob >
