Ronan
have a look at the chicken pox rules from www.rulesemporium.
I believe they are in 3.0 by default now, also there's lots of other rules on that site to do with common obfuscation techniques.
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
Ronan wrote:
bash-2.03$ grep 25573 /var/log/syslog.0
Oct 11 09:21:32 elisha spamd[25573]: info: setuid to nobody succeeded
Oct 11 09:21:32 elisha spamd[25573]: checking message (unknown) for nobody:60001.
Oct 11 09:21:32 elisha spamd[25573]: clean message (0.2/5.0) for nobody:60001 in 0.0 seconds, 13428 bytes.
I presume the above is simply due to the messages coming into our system without any attached messageid headers...??
secondly,
if this has been covered before, I haven't seen it and secondly any words which offend below are used in the context of further reducing the greater offense of receiving them en masse in spam....
I see a limit to the regex descriptions which implement the matching on rules... you can search for 'cunt' but this provides a problem due to the Scunthorpe effect.
I want to implement a filter that in a buffer of arbitrary length, say 10, the pattern matches the 4 character string in the order in which the word is spelt, i.e. all below would be flagged
xxxcxxuxnt cxxuxxnxtx
etc... where x can be anything, space, underscore, whatever.
you can then additionally scan for the typical spamming practices of v1agra or v.1.a.g.r.@
Has this been done? As I am not a regex guru I'm still trying to implement this, but I thought I'd throw it out to yis anyway
thanks ronan
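An added example, not part of either message and not SpamAssassin or rulesemporium code: one way to match a word's letters in order inside a bounded window, as the question describes, comparing the literal "x can be anything" reading with a stricter one that avoids the Scunthorpe effect. The function names, the look-alike table and the sample lines are assumptions made for illustration.

```python
import re

# Look-alike characters per letter: a constructed sample table, not exhaustive.
LOOKALIKES = {"a": "a@4", "e": "e3", "i": "i1!|", "o": "o0", "s": "s5$"}


def build_pattern(word, window, strict):
    """Compile a regex for the letters of `word`, in order, with filler between.

    strict=False: filler is any character (the "x can be anything" reading).
    strict=True:  filler is non-alphanumeric only, and the hit may not be
                  embedded in a longer run of letters (the Scunthorpe case).
    """
    # Bounding each gap keeps backtracking cheap on long message bodies.
    max_gap = max(window - len(word), 0)
    gap = (r"[^a-z0-9]" if strict else r".") + "{0,%d}?" % max_gap
    letters = ["[" + re.escape(LOOKALIKES.get(ch, ch)) + "]" for ch in word.lower()]
    body = gap.join(letters)
    if strict:
        body = r"(?<![a-z])" + body + r"(?![a-z])"
    return re.compile(body, re.DOTALL)


def find_hits(text, word, window=10, strict=True):
    """Return each obfuscated spelling of `word` spanning at most `window` chars."""
    pattern = build_pattern(word, window, strict)
    text = text.lower()
    hits = []
    for start in range(len(text)):
        # Anchored at `start`; the lookbehind still sees the text before it.
        m = pattern.match(text, start)
        if m and m.end() - start <= window:
            hits.append(m.group(0))
    return hits


if __name__ == "__main__":
    # Constructed sample lines, not taken from real mail.
    for line in ["cheap v1agra here", "buy v.1.a.g.r.@ now", "sent via a graph"]:
        print(line, find_hits(line, "viagra", window=14),
              find_hits(line, "viagra", window=14, strict=False))
```

With any character allowed as filler, the innocent line "sent via a graph" is flagged; restricting filler to punctuation and whitespace keeps both obfuscated spellings and drops that false positive.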
