On Sat, 6 Oct 2018, RW wrote:
On Fri, 5 Oct 2018 16:34:51 +0000
Zinski, Steve wrote:
Here's how I'm blocking bitcoin emails with Unicode characters
embedded:
body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
body __BTC3 /\b\W*b\W*t\W*c\W*\b/i
body
__BTC4 /\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i
meta LOCAL_BITCOIN ( __BTC1 && ( __BTC2 || __BTC3 || __BTC4 ) )
score LOCAL_BITCOIN 10.0
Works like a charm in my environment.
The trouble with this is that you would be adding 10 point to anything
with a bitcoin address whether anything's obfuscated or not. If you want
to avoid this take a look at the FUZZY_* rules.
The version of this in my sandbox doesn't have that weakness. I did some
tuning compared to what Steve proposed.
BTW, Steve, your emails appear to be going to the list multiple times (or
is that just me?)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Show me somebody who waxes poetic about "Being at one with Nature"
and I'll show you someone who hasn't figured out that Nature is an
infinite stomach demanding to be fed. -- Atomic, at Wapsi forum
-----------------------------------------------------------------------
555 days since the first commercial re-flight of an orbital booster (SpaceX)