Jimmy Stewpot wrote:
> Hello,
> 
> I am currently trying to configure spam assassin with some custom rules
> to block certain words which are being used in a large amount of spam
> that the email servers receive. When I put the following rules into the
> local.cf file
> 
> body VIjAGRA /\bVIjAGRA\b/i
> score VIjAGRA 3.0
> describe VIjAGRA VIAGRA_SPAM

I've been getting the same junk mails you are, but I've also been
getting it as:
-VIAGvRA
-VIAGeRA
-VIeAGRA

Hence, I think this might be a better rule:
body    LOC_OBFU_VIAGRA /\bV[a-z]?I[a-z]?A[a-z]?G[a-z]?R[a-z]?A\b/
score   LOC_OBFU_VIAGRA         3.0
describe        LOC_OBFU_VIAGRA A lame attempt to obfuscate "viagra"

Rinse and repeat for CIALvIS, AMBIvEN, VALIvUM...or a rule that'll catch
them all in one:

body    LOC_OBFU_DRUGS /\b[VCA][a-z]?[IMA][a-z]?[ABL][a-z]?[GLI][a-z]?[RIEU][a-z]?[ASNM]\b/
score   LOC_OBFU_DRUGS  3.0
describe LOC_OBFU_DRUGS Attempting to hide one of the 5-letter drugs

I removed the "/i" option because they're showing up only with all caps
drugs and lowercase "insertions" for me, and without them, the rules
will match "viagra" just as much as "VIAGjRA".  Unless you're sure you
won't get any legitimate mail with any of these drug names in it, I'd
also change this to a subject header rule instead of a body rule.
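
Added example, not part of the original message: a Python check of the two patterns above against constructed sample lines, to see what each rule fires on before it goes into local.cf. It assumes Python's `re` handles these patterns the same way SpamAssassin's Perl regex engine does (true for the constructs used here: `\b`, character classes and `?`); the sample lines and the `hits` helper are made up for illustration.

```python
import re

# Patterns copied from the two rules in the message above (no /i flag).
OBFU_VIAGRA = r"\bV[a-z]?I[a-z]?A[a-z]?G[a-z]?R[a-z]?A\b"
OBFU_DRUGS = (r"\b[VCA][a-z]?[IMA][a-z]?[ABL][a-z]?[GLI][a-z]?"
              r"[RIEU][a-z]?[ASNM]\b")

# Constructed sample lines: obfuscated spam tokens, plain drug names,
# and ordinary all-caps words that could appear in legitimate mail.
SAMPLES = [
    "Buy VIjAGRA today",
    "cheap VIAGvRA and CIALvIS",
    "AMBIvEN or VALIvUM, no prescription",
    "my doctor prescribed VIAGRA",
    "my doctor prescribed viagra",
    "PLEASE REPLACE THE CABLES",
]


def hits(pattern, lines, flags=0):
    """Return every token in `lines` that the rule's regex matches."""
    rx = re.compile(pattern, flags)
    return [m.group(0) for line in lines for m in rx.finditer(line)]


if __name__ == "__main__":
    for name, pat in (("LOC_OBFU_VIAGRA", OBFU_VIAGRA),
                      ("LOC_OBFU_DRUGS", OBFU_DRUGS)):
        print(name, "->", hits(pat, SAMPLES))
    # Same single-drug pattern with the /i behaviour the poster removed.
    print("LOC_OBFU_VIAGRA with /i ->", hits(OBFU_VIAGRA, SAMPLES, re.I))
```

The catch-all pattern also fires on the ordinary word CABLES, because each position accepts any letter from its class, so it is worth running against a sample of legitimate mail before scoring it at 3.0.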
