On Sun, 19 Jul 2009, Mike Wallace wrote:
I got one today that wasn't caught by your rule
Whose, mine or Dan's?
it had 22232 for the domain name inside of www and net and used bracket
dot bracket for the separator.
My URI_OBFU_WWW rule (from the SA sandbox) should have caught that. Dan's
is still focused on the current XX99 domains.
Also: please prune reply and don't top-post. Thanks.
On Jul 16, 2009, at 6:23 PM, McDonald, Dan wrote:
> > > >
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf
body __MED_OB
/\bw{2,3}(?:[[:punct:][:space:]]{1,5}|[[:space:][:punct:]]{1,3}dot[[:space:][:punct:]]{1,3})[[:alpha:]]{2,6}\d{2,6}(?:[[:punct:][:space:]]{1,5}|[[:space:][:punct:]]{1,3}dot[[:space:][:punct:]]{1,3})(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body __MED_NOT_OB /\bw{2,3}\.[[:alpha:]]{2,6}\d{2,6}\.(?:com|net|
org)\b/i
meta AE_MED44 (__MED_OB && ! __MED_NOT_OB)
describe AE_MED44 Shorter rule to catch spam obfuscation
score AE_MED44 2.0
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If "healthcare is a Right" means that the government is obligated
to provide the people with hospitals, physicians, treatments and
medications at low or no cost, then the right to free speech means
the government is obligated to provide the people with printing
presses and public address systems, the right to freedom of
religion means the government is obligated to build churches for the
people, and the right to keep and bear arms means the government is
obligated to provide the people with guns, all at low or no cost.
-----------------------------------------------------------------------
Tomorrow: the 40th anniversary of Apollo 11 landing on the Moon
