Hi
Scott:
I just did a
test..
in our filter
files we have:
BODY 20
CONTAINS Banned CD
Here is an email I
sent to myself from Hotmail. The filter is not
triggered.
==========================================
X-OriginalArrivalTime: 26 Dec 2003 12:21:25.0569 (UTC)
FILETIME=[C7EEA310:01C3CBAA]
X-IMAIL-SPAM-DNSBL: (BLARS,45416796,127.1.8.17)
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: FREEEMAILS:
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 20, weight 5)
X-Declude-Sender: [EMAIL PROTECTED] [207.68.165.8]
X-Declude-Spoolname: D27c602b5015c4bff.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.77i8] for SPAM & virus.
X-Spam Score: 5 [Blocked on 20+]
X-Note: Sent from Reverse DNS: sea2-f8.sea2.hotmail.com
X-Hello: hotmail.com
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, FREEEMAILS, FILTER-HEADER-XMAIL
X-Note: Recipient(s): [EMAIL PROTECTED]
X-Country-Chain: UNITED STATES->destination
X-Declude-Date: 12/26/2003 12:21:25 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 331473289
X-IMAIL-SPAM-DNSBL: (BLARS,45416796,127.1.8.17)
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: FREEEMAILS:
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 20, weight 5)
X-Declude-Sender: [EMAIL PROTECTED] [207.68.165.8]
X-Declude-Spoolname: D27c602b5015c4bff.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.77i8] for SPAM & virus.
X-Spam Score: 5 [Blocked on 20+]
X-Note: Sent from Reverse DNS: sea2-f8.sea2.hotmail.com
X-Hello: hotmail.com
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, FREEEMAILS, FILTER-HEADER-XMAIL
X-Note: Recipient(s): [EMAIL PROTECTED]
X-Country-Chain: UNITED STATES->destination
X-Declude-Date: 12/26/2003 12:21:25 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 331473289
Ban</manifestation>ned C</palindrome>D!
==========================================
& then I sent
one without the </..> tags & it was caught.
==========================================
X-IMAIL-SPAM-DNSBL: (BLARS,47317340,127.1.8.17)
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: FREEEMAILS:
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 20, weight 5)
X-RBL-Warning: FILTER-PORN: Message failed FILTER-PORN test (line 64, weight 20)
X-Declude-Sender: [EMAIL PROTECTED] [207.68.165.25]
X-Declude-Spoolname: D287b02d2015c0fa4.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.77i8] for SPAM & virus.
X-Spam Score: 25 [Blocked on 20+]
X-Note: Sent from Reverse DNS: sea2-f25.sea2.hotmail.com
X-Hello: hotmail.com
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, FREEEMAILS, FILTER-HEADER-XMAIL, FILTER-PORN, WEIGHT20s, WEIGHT20r
X-Note: Recipient(s): [EMAIL PROTECTED]
X-Country-Chain: UNITED STATES->destination
X-Declude-Date: 12/26/2003 12:24:26 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 331473290
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: FREEEMAILS:
X-RBL-Warning: FILTER-HEADER-XMAIL: Message failed FILTER-HEADER-XMAIL test (line 20, weight 5)
X-RBL-Warning: FILTER-PORN: Message failed FILTER-PORN test (line 64, weight 20)
X-Declude-Sender: [EMAIL PROTECTED] [207.68.165.25]
X-Declude-Spoolname: D287b02d2015c0fa4.SMD
X-Note: This E-mail was scanned & filtered by Declude [1.77i8] for SPAM & virus.
X-Spam Score: 25 [Blocked on 20+]
X-Note: Sent from Reverse DNS: sea2-f25.sea2.hotmail.com
X-Hello: hotmail.com
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, FREEEMAILS, FILTER-HEADER-XMAIL, FILTER-PORN, WEIGHT20s, WEIGHT20r
X-Note: Recipient(s): [EMAIL PROTECTED]
X-Country-Chain: UNITED STATES->destination
X-Declude-Date: 12/26/2003 12:24:26 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 331473290
Banned
CD
============================================
============================================
The first time I
posted my notes about comments was based on this observation but this time I did
a test.
Look at the new
type of insertions .. a totally legitimate HTML tag.
===================
ime>st
Gen<alt=3Dhas come>eric
Viag<alt=3Di want>ra no<alt=3Dmonitor>w!</a><br><br>O<alt=3Dsignature>r te=
<alt=3Dfather>st on<alt=3Dmother>e
o<alt=3Dbrother>f o<alt=3Dsister>ur oth<alt=3Dtalk to me>er <alt=3Dwhen u =
can>pharma<alt=3Dgo around>cy products:<alt=3Dand check>
Viag<alt=3Di want>ra no<alt=3Dmonitor>w!</a><br><br>O<alt=3Dsignature>r te=
<alt=3Dfather>st on<alt=3Dmother>e
o<alt=3Dbrother>f o<alt=3Dsister>ur oth<alt=3Dtalk to me>er <alt=3Dwhen u =
can>pharma<alt=3Dgo around>cy products:<alt=3Dand check>
====================
<alt=..> we
are seeing a ton of emails with these inserted in the middle of each text and
not detected with the filters.
Regards,
Kami
