On Fri, 2003-12-05 at 14:37, Chr. von Stuckrad wrote: > Hi! > > I just found a perfectly legitimate E-Mail > which neighter contained Spam-Text nor any html > in my Spambox, hit by two 'ofsucation checks'. > > One I had generated with https://sandgnat.com/cmos/cmos.jsp > in response to the ever increasing use of the Word 'curn', > the other checks for 'too long or short html-tags'. <snip> > the HTML rule, and I *assume* that somewhere in in the base64-code > will be the 'seemingly ofuscated p*rn-word ...
Hi. With short obfu-checks such as curn you mentioned, false hits are difficult to avoid on binary data such as (as I've experienced) jpgs. I'm guessing your hit was somwhere on the PDF or the word file. The body rules are run with attachments decoded. I just released version 0h of CMOScript. It has a new algorithm for generating the gap pattern. If the rule's source word is 3 characters or less it will use a more restrictive gap pattern and should help tone down the volume of false positives (I hope). -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases: http://www.sandgnat.com/cmos/ ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk