Re: emails with embedded uuencoded files scoring high

2007-05-31 Thread Per Jessen
Per Jessen wrote:
> Theo Van Dinter wrote:
>
>> On Thu, May 31, 2007 at 08:46:04AM +0200, Per Jessen wrote:
>>> What I meant to ask is - has anyone written rules for detecting
>>> uuencoded files in the body text (not as attachment) ?
>>
>> I'm not sure about rules specifically, but as a fyi, yo

Re: emails with embedded uuencoded files scoring high

2007-05-31 Thread Per Jessen
Theo Van Dinter wrote:
> On Thu, May 31, 2007 at 08:46:04AM +0200, Per Jessen wrote:
>> What I meant to ask is - has anyone written rules for detecting
>> uuencoded files in the body text (not as attachment) ?
>
> I'm not sure about rules specifically, but as a fyi, you may want to
> check out ht

Re: emails with embedded uuencoded files scoring high

2007-05-31 Thread Theo Van Dinter
On Thu, May 31, 2007 at 08:20:40PM +0200, Per Jessen wrote:
> I was thinking of using a rawbody rule, till I realised that it is
> applied line-by-line. Is there a way of writing a rule with a
> multi-line regex/pattern?

In 3.2 rawbody rules are applied to paragraphs. You should be able to detec

Re: emails with embedded uuencoded files scoring high

2007-05-31 Thread Theo Van Dinter
On Thu, May 31, 2007 at 08:46:04AM +0200, Per Jessen wrote:
> What I meant to ask is - has anyone written rules for detecting
> uuencoded files in the body text (not as attachment) ?

I'm not sure about rules specifically, but as a fyi, you may want to check out https://issues.apache.org/SpamAssass

Re: emails with embedded uuencoded files scoring high

2007-05-31 Thread Per Jessen
Per Jessen wrote:
> What I meant to ask is - has anyone written rules for detecting
> uuencoded files in the body text (not as attachment) ?

I have been going through my logs, and this problem is popping up a little more often than I'm comfortable with. OBSCURED_EMAIL is triggered quite frequent

Re: emails with embedded uuencoded files scoring high

2007-05-30 Thread Per Jessen
Per Jessen wrote:
> I've recently seen a few emails with uuencoded documents/files
> embedded directly in the body-text, i.e. not as an attachment.
>
> These hit e.g. rules such as:
>
> 1.8 DISGUISE_PORN_MUNDANE BODY
> 1.7 OBSCURED_EMAIL BODY
> 1.1 HTTP_EXCESSIVE_ESCAPES
> 0.8 USERPASS
> 0.6 UPP

emails with embedded uuencoded files scoring high

2007-05-30 Thread Per Jessen
I've recently seen a few emails with uuencoded documents/files embedded directly in the body-text, i.e. not as an attachment.

These hit e.g. rules such as:

1.8 DISGUISE_PORN_MUNDANE BODY
1.7 OBSCURED_EMAIL BODY
1.1 HTTP_EXCESSIVE_ESCAPES
0.8 USERPASS
0.6 UPPERCASE_50_75

giving a total of 6 poi