Nigel Frankcom wrote:
On Sun, 28 Jan 2007 14:51:21 -0500, "Tim Boyer" <[EMAIL PROTECTED]>
wrote:
One thing I've noticed is that Polyakov is starting to obfuscate the URL.
What would normally be caught because it's in the Spamhaus SBL is getting
missed because of this:
Good day,
Viazzgra $1, 80
Ciazzlis $3, 00
Levizztra $3, 35
http://www.printeryml.*com ( Important ! Remove "*" )
I saw a few of those hit over the weekend, they got caught with a
combination of DCC, bayes and the KAM.cf mentioned earlier in the
week. They also tagged a modified test rule I'm running at the mo.
body Test_01 /remove \"\*\"/i
score Test_01 0.1
describe Test_01 Test remove asterisk for URL spams
Warning, the above has not been mass checked and is running here only
as a test. I can imagine instances where that would hit ham,
particularly where some people obfuscate their email address.
No doubt a different character will be substituted for the * in due
course.
How about let SpamAssassin remove invalid characters like that from the
URL before passing it to the URL blacklists ? Different characters can
be handled by making this configurable.
Bye
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
