nt: 1/13/04 6:52:28 PM
> >To: "Carl R. Friend"<[EMAIL PROTECTED]>, "[EMAIL PROTECTED]"<[EMAIL PROTECTED]>
> >Cc: "[EMAIL PROTECTED]"<[EMAIL PROTECTED]>
> >Subject: Re: [RulesEmporium] RE: [SAtalk] New HTML spam body obfusca
At 13:16 -0700 on 01/13/2004, Brian Godette wrote about [SAtalk] New
HTML spam body obfuscation.:
This is a new one to me, seems the spammers are starting to learn javascript
now. I suppose a rule for detecting document.write() usage could be used as a
spam-sign.
[JavaScript Snipped]
In case yo
> -Original Message-
> From: Brian Godette [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 13, 2004 6:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] New HTML spam body obfuscation.
>
>
> On Tuesday 13 January 2004 03:23 pm, Rose, Bobby wrote:
>
/
-Original Message-
>From: "Jack L. Stone"<[EMAIL PROTECTED]>
>Sent: 1/13/04 6:52:28 PM
>To: "Carl R. Friend"<[EMAIL PROTECTED]>, "[EMAIL PROTECTED]"<[EMAIL PROTECTED]>
>Cc: "[EMAIL PROTECTED]"<[EMAIL PRO
TopPost:
Could someone please tell me how to run a summary like the one below
against the corpus?
Thanks
>> okay, so i did... i see no reason to use these rules, unless this
>> becomes a common tactic.
>>
>> OVERALL SPAM HAM S/O SCORE NAME
>> 10970 6083 48870.5
On Tue, 13 Jan 2004, Dallas L. Engelken wrote:
> okay, so i did... i see no reason to use these rules, unless this
> becomes a common tactic.
>
> OVERALL SPAM HAM S/O SCORE NAME
> 10970 6083 48870.555 0.000.00 (all messages)
> 220
On Tuesday 13 January 2004 03:23 pm, Rose, Bobby wrote:
> Why even allow javascript embedded emails?
>
One could say the same about HTML emails.
Think about the target MUA of spam; Outlook Express. This type of spam would
only work on O/OE or any MUA that used a JS capable HTML renderer to displ
Why even allow javascript embedded emails?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Dallas L. Engelken
Sent: Tuesday, January 13, 2004 4:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] New HTML spam body obfuscation.
> -Original Mess
> body JAVASCRIPT_ENCODING_1 /\b(?:\d{1,3}[\s\,]+){8}/
> describe JAVASCRIPT_ENCODING_1 Contains comma seperated
> ascii representations score 0.1 # you can score this by
> itself if you want.
>
> body JAVASCRIPT_ENCODING_2 /document\.write/i
> describe JAVASCRIPT_ENCODING_2 contains docume
> -Original Message-
> From: Brian Godette [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 13, 2004 2:16 PM
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] New HTML spam body obfuscation.
>
>
> This is a new one to me, seems the spammers are starting to
> learn javascript
> now. I suppo
10 matches
Mail list logo
