On Friday 14 June 2002 04:17 am, Bill Becker wrote:
> We may need expanded rules to handle obfuscation. The following
> javascript decodes into another obfuscation javascript. I didn't have
> time to pursue it further (what the sender is counting on I suppose)...

[snip]

> ...the body part of this html is the usual stuff about how sorry he is if
> I received the message in error.

Which, of course, explains why he used JavaScript to obfuscate his spam, as it makes it *so* much easier to filter out.

One thing we could do would be to extract text bracketed by <SCRIPT> tags, and then see if there's a "document.write()" type call in it. A document.write() JS call in an HTML mail message is even *more* dubious than just plain JS code.

--
Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.
ICQ: 132152059

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
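
The check proposed in the message above, as an added Python example that is not part of the original post and is not SpamAssassin's own rule code: it decodes each text/html part, extracts the text between <SCRIPT> tags, and reports separately whether any script is present and whether it calls document.write(). The function names and the sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# HTML tag names are case-insensitive; an unterminated <script> runs to end of part.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)(?:</script\s*>|\Z)", re.I | re.S)
# JavaScript identifiers are case-sensitive; allow whitespace around '.' and '('.
DOCWRITE_RE = re.compile(r"\bdocument\s*\.\s*write(?:ln)?\s*\(")


def script_bodies(html):
    """Return the text found between <script> tags in one HTML part."""
    return [m.group(1) for m in SCRIPT_RE.finditer(html)]


def check_message(raw):
    """Return (has_script, has_document_write) over all text/html parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    has_script = has_docwrite = False
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()  # undoes base64 / quoted-printable first
        for body in script_bodies(html):
            has_script = True
            has_docwrite = has_docwrite or bool(DOCWRITE_RE.search(body))
    return has_script, has_docwrite


def build_sample(html, cte=None):
    """Build a constructed single-part HTML message for the demo."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(html, subtype="html", cte=cte)
    return m.as_string()


# Constructed samples (not taken from the thread).
WRITER = '<html><SCRIPT LANGUAGE="JavaScript">document.write(unescape("%3Cb%3Ehi%3C/b%3E"))</SCRIPT></html>'
PLAIN_JS = "<html><script>var x = 1;</script><p>hello</p></html>"
NO_JS = "<html><p>call document.write() yourself</p></html>"

if __name__ == "__main__":
    for name, html, cte in [("writer/base64", WRITER, "base64"),
                            ("plain js", PLAIN_JS, None),
                            ("no script", NO_JS, None)]:
        print(name, check_message(build_sample(html, cte)))
```

Decoding the transfer encoding before matching matters: in the base64 sample the string "document.write" never appears in the raw message, so a pattern run over the undecoded body would miss it.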