On Fri, 2009-01-23 at 07:56 -0800, Dennis Hardy wrote:
> Hi, I'm getting hammered by snowshoe spam :-( I've added rules to try to
> catch common formats of included URLs in the spam, but I'm wary of scoring
> these rules too high because of the potential for false positives. It's
> hard to come up with other rules as the spam e-mail content is so generic.
> By default these spams score incredibly low (bayes, etc.) In many cases,
> the low bayes values are scoring negative, which completely offsets the few
> positive scoring rules that I have added.

I've been using this rule to knock some of these down:

uri AE_ASM /\/[[:alpha:]]{28,40}$/
describe AE_ASM long gibberish path used by ASM Marketing
score AE_ASM 1

Highly unusual to have a url like that in ham... I'm running a meta to bump up the score...

-- 
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
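
Added example, not part of the original thread: a small Python harness for checking which URLs the AE_ASM uri pattern quoted above matches, and its hit rate on a ham sample, before the score is raised. It ports `[[:alpha:]]` to `[A-Za-z]` because Python's `re` has no POSIX classes; the URL extraction, the function names and all sample data are assumptions constructed for illustration, and SpamAssassin's own URI handling is more thorough.

```python
import re

# Port of the AE_ASM uri pattern from the message above. Python's re has no
# POSIX [[:alpha:]] class, so [A-Za-z] (ASCII letters) stands in for it.
AE_ASM = re.compile(r"/[A-Za-z]{28,40}$")

# Assumption: simplified URL extraction for plain-text bodies only.
URI_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_uris(body):
    """Pull http/https URLs out of text, dropping trailing punctuation."""
    return [u.rstrip(".,)") for u in URI_RE.findall(body)]


def ae_asm_hits(body):
    """Return the URLs in body that the ported AE_ASM pattern matches."""
    return [u for u in extract_uris(body) if AE_ASM.search(u)]


def ham_hit_rate(ham_bodies):
    """Fraction of ham messages with at least one hit (false positives)."""
    if not ham_bodies:
        return 0.0
    return sum(1 for b in ham_bodies if ae_asm_hits(b)) / len(ham_bodies)


# Constructed samples: hosts are reserved example domains, paths are made up.
TOKEN = "kqzvbtrm" * 4  # 32 letters, inside the 28-40 window
SPAM_SAMPLES = ["Limited offer, click http://example.com/" + TOKEN]
HAM_SAMPLES = [
    "Docs moved to https://example.org/docs/installation-guide.",
    "Reset link: https://example.org/reset/" + TOKEN[:16] + "7" + TOKEN[:15],
    "Tracking: https://example.org/t/" + TOKEN + "?u=42",
    "Short path https://example.org/" + "a" * 27,
]

if __name__ == "__main__":
    for body in SPAM_SAMPLES + HAM_SAMPLES:
        print("HIT " if ae_asm_hits(body) else "miss", body)
    print("ham hit rate:", ham_hit_rate(HAM_SAMPLES))
```

The pattern only fires when the final path segment is purely alphabetic and 28 to 40 characters long, so a digit, a hyphen, a query string or a trailing slash is enough to avoid a hit.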