http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4875
Summary: obfuscated drugs
Product: Spamassassin
Version: 3.1.0
Platform: All
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Libraries
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Today, I got a few viagra/cialis spams that didn't get caught by SpamAssassin.
It's using HTML obfuscation, where the letters of the names of the drugs (VIAGRA,
etc.) are interspersed with random letters inside a <FONT size=2 color=#F3F027>
tag.
I guess this could be matched quite easily by first removing font tags with
small sizes, and then matching the resulting string against the drug names.
Something like (untested):
s{<font[^>]+size=['"]?(?:0*[1-4](?!\d)|0*[0-3]?\d\%).*?>.*?</font.*?>}{}gi;
would remove <font> tags with sizes of 4pt and smaller or percentages of less
than 40%. The result should be matched against the existing drug name tests.
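The two-step check proposed in the report (drop small-font runs, then match drug names), as an added Perl example that is not part of the original report and not SpamAssassin code. The function names and the sample message are constructed for illustration; the pattern follows the reporter's size alternation, with /s added so a tag can span lines and whitespace allowed around the `=`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Drug names to look for; the two named in the report.
my @DRUG_NAMES = qw(viagra cialis);

# Remove <font> elements whose size attribute is 1-4 or below 40%.
# /s lets '.' cross line breaks; /i covers <FONT> as well as <font>.
sub strip_small_font {
    my ($html) = @_;
    $html =~ s{<font\b[^>]*?\bsize\s*=\s*['"]?(?:0*[1-4](?!\d)|0*[0-3]?\d%)[^>]*>.*?</font\s*>}{}gis;
    return $html;
}

# Approximate the text a reader sees: drop small-font runs first,
# then strip every remaining tag.
sub visible_text {
    my ($html) = @_;
    my $text = strip_small_font($html);
    $text =~ s{<[^>]*>}{}g;
    return $text;
}

# Return the drug names present in the de-obfuscated text.
sub obfuscated_drug_hits {
    my ($html) = @_;
    my $text = visible_text($html);
    return grep { $text =~ /\b\Q$_\E\b/i } @DRUG_NAMES;
}

# Constructed sample: each letter of the name is followed by a decoy
# letter inside the font tag quoted in the report. The last line holds
# normal-sized font tags (size=10, 100%) that must not be removed.
my @decoys = qw(x q z k m w);
my $i      = 0;
my $spam   = join '', map {
    $_ . "<FONT size=2 color=#F3F027>" . $decoys[$i++ % @decoys] . "</FONT>"
} split //, 'VIAGRA';
$spam .= "\n<font size=10>order now</font> <font size=\"100%\">today</font>";

(my $naive = $spam) =~ s{<[^>]*>}{}g;    # tag stripping alone keeps the decoys
print "tags stripped only:  $naive\n";
print "small fonts removed: ", visible_text($spam), "\n";
print "drug name hits:      @{[ obfuscated_drug_hits($spam) ]}\n";
```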