Re: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-14 Thread Kris Deugau
"Keith C. Ivey" wrote: > One fairly easily detectable spam sign is the almost-white text > (used to hide the irrelevant words), like this: > > argumentation scabby > > writhe > That should have triggered HTML_FONT_INVISIBLE, but I think > that test has some bugs. It certainly has a bug on my sys

RE: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-14 Thread Larry Gilson
Hi Keith, Thanks for the reply! > -Original Message- > From: Keith C. Ivey > Sent: Monday, October 13, 2003 11:31 PM > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] More HTML Obfuscation: This One Made It Through > > > Larry Gilson <[EMAIL PROTECTED]> w

Re: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Daniel Quinlan
Larry Gilson <[EMAIL PROTECTED]> writes: > Two SA rules to help immediately with this are: > > ### I wrapped the rawbody line to keep the integrity of the rule. > # Invisible text color in font tag > rawbody MY_RBDY_INVSTXT >//i > describe MY_RBDY_INVSTXTMY: Invisible text color > sc

RE: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Bill Polhemus
Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith C. Ivey Sent: Monday, October 13, 2003 9:27 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] More HTML Obfuscation: This One Made It Through Bill Polhemus <[EMAIL PROTECTED]> wrote: > They use the > spu

RE: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Keith C. Ivey
Larry Gilson <[EMAIL PROTECTED]> wrote: > ### I wrapped the rawbody line to keep the integrity of the > ### rule. > # Invisible text color in font tag > rawbody MY_RBDY_INVSTXT >//i > describe MY_RBDY_INVSTXTMY: Invisible text color > scoreMY_RBDY_INVSTXT2.0 That should work.

Re: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Keith C. Ivey
Bill Polhemus <[EMAIL PROTECTED]> wrote: > They use the > spurious HTML tags to break up the text and get it through the > Bayesian filter. I don't see any text actually broken up. There's just not that much to trigger on. The drug names (most of which aren't in the default rules yet) are bro

RE: [SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Larry Gilson
Sent: Monday, October 13, 2003 9:15 PM > To: 'SA' > Subject: [SAtalk] More HTML Obfuscation: This One Made It Through > > > > Here's another one from a batch of several that have gotten > through SA 2.55 over the last several days. They use the > spurious HTML

[SAtalk] More HTML Obfuscation: This One Made It Through

2003-10-13 Thread Bill Polhemus
Here's another one from a batch of several that have gotten through SA 2.55 over the last several days. They use the spurious HTML tags to break up the text and get it through the Bayesian filter. I'm running these through every time I get one--and luckily, there've only been about one or two per