http://bugzilla.spamassassin.org/show_bug.cgi?id=3204
------- Additional Comments From [EMAIL PROTECTED] 2004-03-23 21:20 -------
my JS rules hit on your sample just fine...
[EMAIL PROTECTED] root]# cat yourspam.txt | spamc | head -40
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0017_01C412E2.36A0E868"
X-Priority: 3
Subject: [SPAM-08.34]-
X-Spam-Score: 8.3
X-Spam-Flag: YES
X-Spam-Level: ********
X-Spam-Status: Yes, hits=8.3 required=4.0
X-Spam-Tests: DATE_MISSING=0.985,FROM_NO_LOWER=1.897,HTML_90_100=1.073,
HTML_MESSAGE=0.001,IO_HTML_0_512=0.3,JS_ENCODE_1=0.5,JS_ENCODE_2=0.75,
JS_ENCODE_FULL=2,PRIORITY_NO_NAME=0.831
X-Spam-Report:
* 1.0 DATE_MISSING Missing Date: header
* 1.9 FROM_NO_LOWER 'From' has no lower-case characters
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.1 HTML_90_100 BODY: Message is 90% to 100% HTML
* 0.5 JS_ENCODE_1 BODY: Possible comma seperated ascii representations
* 0.8 JS_ENCODE_2 BODY: Contains document.write - Javascript Spam
* 0.3 IO_HTML_0_512 BODY: Less than 512 characters between html/body
tags
* 2.0 JS_ENCODE_FULL Uses Javascript ascii encoding to hide text
* 0.8 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer
Here are the rules I have in my local.cf to combat javascript encodings... i
think i posted these to the list a while back, and i do masscheck on new mail
every week, and i have not seen a huge rise in javascript encoded spam, but i
like to keep them in my cf just in case :)
anyways.. here are my rules if it matters.
rawbody JS_ENCODE_1 /\b(?:\d{1,3}[\s\,]+){8}/
describe JS_ENCODE_1 Possible comma seperated ascii representations
score JS_ENCODE_1 0.5
rawbody JS_ENCODE_2 /document\.write/i
describe JS_ENCODE_2 Contains document.write - Javascript Spam
score JS_ENCODE_2 0.8
meta JS_ENCODE_FULL (JS_ENCODE_1 && JS_ENCODE_2)
describe JS_ENCODE_FULL Uses Javascript ascii encoding to hide text
score JS_ENCODE_FULL 2.0
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
