On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
>> First a few rules to match non-spam:

[...]

>> While there would be no effort in faking this, it might take a while
>> for some of the spammers to catch on.
>>
>> uri HTTPS_URL /https:\/\//
>> describe HTTPS_URL Spammers don't often use HTTPS
>>
>> Has anyone seen spam that uses an HTTPS URI?
>
> Doh. Sorry, sent it to you without CC:'ing sa-talk, in case others
> were curious. Yes - I have 107 unique https URIs in my corpus (in
> other words, not too many), advertising 34 different servers.

It's worth noting that one reason for using HTTPS when spamming is that it gets you accurate hit counts -- the client /must/ download the content the first time it visits, rendering squid caches ineffective...

[...]

> Low-hanging fruit, though it's out of date these days, catch
> the snowwhite virus since it's there:
>
> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/
> describe SNOWWHITE_VIRUS The snow white virus
> score SNOWWHITE_VIRUS 10

Don't you have a virus scanner? There are a number of packages out there, based on heuristic detection and table detection, that specialize in finding these things. One of them, MIMEsweeper, even integrates with SpamAssassin trivially. If /you/ want SpamAssassin as part of sweeping your inbound email for virus signatures, why not try that?

Catching a couple of the hundreds of exploits out there for Windows systems is a waste of time for many of us who either (a) run a virus scanner or (b) don't want to scan for this sort of thing.

You really will get better results using a tool designed for filtering that sort of content to filter it.

Daniel

--
Time spent in the advertising business seems to create a permanent deformity like the Chinese habit of foot-bonding. -- Dean Acheson