Re: Little custom rule

Sun, 05 Feb 2006 15:14:39 -0800 

On Sunday 05 February 2006 2:25 pm, Ruben Cardenal wrote:
> Hi,
>
>   In one of my servers (7200 accounts) I'm receiving tons of a spam that
> is mainly composed by an image and its subject is always "FW: blah" where
> "blah" is the destination account. This is, if the mail is sent to
> [EMAIL PROTECTED] the subject is always "Fw: john"
>
>   Can that be matched by a rule?
>
>   Regards,
>
> Ruben

These are caught quite easily on my home system:

Content analysis details:   (42.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- 
--------------------------------------------------
 1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type= 
entry
 2.0 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received: date
 2.0 BIZ_TLD                URI: Contains an URL in the BIZ top-level domain
 1.9 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of words
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9555]
 1.0 M_K_N0N0_WORDS_BODY    RAW: The body contains n0n0 words
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.2 DCC_CHECK              Listed in DCC 
(http://rhyolite.com/anti-spam/dcc/)
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [201.220.121.72 listed in sbl-xbl.spamhaus.org]
 1.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 3.8 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: bambooo.MUNGED.biz]
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check
 1.6 HTML_SHORT_LINK_IMG_2  HTML is very short with a linked image
 1.0 SAGREY                 Adds 1.0 to spam from first-time senders

-- 
Chris
Registered Linux User 283774 http://counter.li.org
17:11:40 up 26 days, 22:58, 1 user, load average: 0.06, 0.15, 0.19
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk

Attachment: pgpczLgFoHGH5.pgp
Description: PGP signature

Reply via email to