"Keith C. Ivey" wrote:
> One fairly easily detectable spam sign is the almost-white text
> (used to hide the irrelevant words), like this:
> > argumentation scabby
> > writhe
> That should have triggered HTML_FONT_INVISIBLE, but I think
> that test has some bugs.
It certainly has a bug on my sys
Hi Keith,
Thanks for the reply!
> -Original Message-
> From: Keith C. Ivey
> Sent: Monday, October 13, 2003 11:31 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [SAtalk] More HTML Obfuscation: This One Made It Through
>
>
> Larry Gilson <[EMAIL PROTECTED]> w
Larry Gilson <[EMAIL PROTECTED]> writes:
> Two SA rules to help immediately with this are:
>
> ### I wrapped the rawbody line to keep the integrity of the rule.
> # Invisible text color in font tag
> rawbody MY_RBDY_INVSTXT
>//i
> describe MY_RBDY_INVSTXTMY: Invisible text color
> sc
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith C.
Ivey
Sent: Monday, October 13, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] More HTML Obfuscation: This One Made It Through
Bill Polhemus <[EMAIL PROTECTED]> wrote:
> They use the
> spu
Larry Gilson <[EMAIL PROTECTED]> wrote:
> ### I wrapped the rawbody line to keep the integrity of the
> ### rule.
> # Invisible text color in font tag
> rawbody MY_RBDY_INVSTXT
>//i
> describe MY_RBDY_INVSTXTMY: Invisible text color
> scoreMY_RBDY_INVSTXT2.0
That should work.
Bill Polhemus <[EMAIL PROTECTED]> wrote:
> They use the
> spurious HTML tags to break up the text and get it through the
> Bayesian filter.
I don't see any text actually broken up. There's just not that
much to trigger on. The drug names (most of which aren't in
the default rules yet) are bro
Hi Bill,
Two SA rules to help immediately with this are:
### I wrapped the rawbody line to keep the integrity of the rule.
# Invisible text color in font tag
rawbody MY_RBDY_INVSTXT
//i
describe MY_RBDY_INVSTXTMY: Invisible text color
scoreMY_RBDY_INVSTXT2.0
# Obfuscate text
