Yeah, you catch my point ! I think it's easier to find a non-alphanum character than trying to decode/desobfucate/guess the subject hidden word !
Why do we have to waste resources in trying to guess "Sex Movie" out of "Se^x M-o ^v ~l e -". If it contains non-char in between chars you can directly trigger a rule ! 2011/10/17 Mynabbler <mynab...@live.com>: > > > John Hardin wrote: >> >>> On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: >>> Check out SUBJ_OBFU_PUNCT in my sandbox. Awaiting masscheck, but we'll >>> have to be quick to see the actual results... :) >> > I wrote a couple a days ago about these subjects, did not get a response > however. I came up with something rather straightforward: > > header __MN_PUNC00 Subject =~ /~/ > header __MN_PUNC02 Subject =~ /`/ > header __MN_PUNC03 Subject =~ /\#/ > header __MN_PUNC04 Subject =~ /\$/ > header __MN_PUNC05 Subject =~ /%/ > header __MN_PUNC06 Subject =~ /\^/ > header __MN_PUNC07 Subject =~ /&/ > header __MN_PUNC08 Subject =~ /\*/ > header __MN_PUNC09 Subject =~ /\(|\)/ > header __MN_PUNC10 Subject =~ /\?/ > header __MN_PUNC11 Subject =~ /\+/ > header __MN_PUNC12 Subject =~ /=/ > header __MN_PUNC13 Subject =~ /\{|\}/ > # header __MN_PUNC14 Subject =~ /\[|\]/ > header __MN_PUNC15 Subject =~ /\|/ > header __MN_PUNC16 Subject =~ /\"/ > header __MN_PUNC17 Subject =~ /\;/ > header __MN_PUNC18 Subject =~ /\:/ > header __MN_PUNC19 Subject =~ /\// > header __MN_PUNC20 Subject =~ /_/ > meta MN_PUNCTUATION (__MN_PUNC01 + __MN_PUNC02 + __MN_PUNC03 + > __MN_PUNC04 + __MN_PUNC05 + __MN_PUNC06 + __MN_PUNC07 + __MN_PUNC08 + > __MN_PUNC09 + __MN_PUNC10 + __MN_PUNC11 + __MN_PUNC12 + __MN_PUNC13 + > __MN_PUNC15 + __MN_PUNC16 + __MN_PUNC17 + __MN_PUNC18 + __MN_PUNC19 + > __MN_PUNC20 >= 3) > score MN_PUNCTUATION 0.1 > > PUNC14 gave too much false positives with forums and such where [ForumName] > is send in the subject. The actual score for this kind of punctuation is > low, I use the rule in a meta with URL shortening, free websites, free > blogs, stuff like that, and it is hovering above the kill switch. Also note > that is does not choke on subjects like ===++++====, where a multiple would. > > > -- > View this message in context: > http://old.nabble.com/Why-doesn%27t-anything-at-all-get-these-botnet-spammers--tp32659169p32668643.html > Sent from the SpamAssassin - Users mailing list archive at Nabble.com. > >