Matt Kettler said:
> At 02:39 PM 1/26/04 -0500, Kurt Yoder wrote:
>
>
>>body PHISHERMEN /http:\/\/(\w*?\.)+[a-zA-Z]{2,10}?[^/\s]*?@/
>>score PHISHERMEN 5.0
>
>
> Don't use the body ruletype.. SA removes all HTML tags before
> running body.
>
> Use u
ww.visa.com" vs "63.247.87.138")?
This one seems to work for me:
#try to detect phishing schemes and penalize as spam
uri PHISHERMEN /http:\/\/www\.(\w*?\.)*[a-zA-Z]{2,10}?[^\/\s]*?@/
describe PHISHERMEN probable web url disguised as another url for
us want to give some
hints? Specifically, I'd like to look for any "=" and/or "?" between
the fake domain (in this example www.fdic.gov) and the @. So the
regex would trigger on jumbles of characters simulating http GET
url's.
-
void tagging
legitimate url's?
Thanks
--
Kurt Yoder
Sport & Health network administrator
---
owed by any characters other than spaces or /
followed by @
So, can you regex and Spamassassin geniuses provide feedback on my
rule? Will it work to catch these phishermen? Will it avoid tagging
legitimate url's?
Thanks
--
Kurt Yode
12}\s+){10}/
describe CP_WORDWORD_10 string of 10+ random words
score CP_WORDWORD_10 0.5
body CP_WORDWORD_15 /(?:\b(?!(?:from|even|more|were|with)\b)[a-z]{4,12}\s+){15}/
describe CP_WORDWORD_15 string of 15+ random words
score CP_WORDWORD_15 2.5
Both of these should have
Chris Santerre said:
> Popcorn, Weeds, Backhair, and Tripwire. One spam could hit 5 of
> each. But I'm still curious. I've got to have more rules than anyone
> else. I get VERY long description headers. But I don't get any
> errors. What SA version are you running?
Heh... sorry, it's not m
ines of tripwire
hits in the header? Any beyond that could be scored as a single
spamassassin entry such as "multiple tripwire hits" and receive the
tripwire score times number of hits. This would make for a
"prettier" header.
--
Kurt Yoder
Sport & Health network ad
IL PROTECTED]>
> Date: Tue, January 13, 2004 8:16 pm
> To: [EMAIL PROTECTED]
> ------
>
--
Kurt Yoder
Sport & Health network administrator
---
Thi
project, or something like it. A little version
> control goes a long way!
That's a good idea.
Chris, if you want to set up a Sourceforge project and need any
information/help, I am volunteering. I say this because the
Sourceforge project administrative interface can be a bit
overwhelmin
ion procedures. However, any admins who are used to install
wizards a la Windows will undoubtedly find SA more difficult to
install.
In my mind, there is space in the market for a commercially
supported version of SA. This could include a "canned" installa