-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I seem to be getting a lot of messages with just a Subject and a blank body, or what 
appears to be a blank body.  

If you look at the message in Outlook nothing appears in the body, but I have a 
utility that lets you view the HTML as well, and in there something like this appears:

<html>
<head>
<DEFANGED_meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body link="#0000FF" vlink="#0000FF" alink="#0000FF">
<DEFANGED_script language="JavaScript">
<!--
function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
</script>
<div align="center">
  <p><a href="http://links.myhotsites.com/c.php?l=2306297&m=123";>
    <DEFANGED_IMG src="http://links.myhotsites.com/images/qb/sb/sb1.jpg"; width="600" 
height="400" border="0"></a></p>
</div>
<div align="center">
  <p><a href="http://links.myhotsites.com/u.php?[EMAIL PROTECTED]";>
    <DEFANGED_IMG src="http://links.myhotsites.com/images/rm3.jpg"; width="398" 
height="47" border="0"></a></p>
</div>
<DEFANGED_IMG src="http://links.myhotsites.com/v.php?l=2306297&m=123"; width="1" 
height="1">
<zvxr^nfpraqrapl(arg>
</body>
</html>

My messages are first scanned by spamd and then by the sanitizer procmail scripts, 
which add the "DEFANGED" text.  I'm not sure if sanitizer is mangling their scripts 
so badly that just nothing appears or if this is a new tactic.  It appears that they 
defined all colors as white with just a script to launch to their site.

In any case, how can I/we establish a rule that would deal with this sort of situation? 
It seems to be getting more frequent.  The headers are as follows:

Return-Path: <[EMAIL PROTECTED]>
Received: from andromeda.abswarad.com (andromeda.abswarad.com [64.57.69.176])
        by fat_man.ascendency.net (8.11.6/8.11.6) with SMTP id gBKNBQQ36066
        for <[EMAIL PROTECTED]>; Fri, 20 Dec 2002 17:11:26 -0600 (CST)
        (envelope-from [EMAIL PROTECTED])
To: [EMAIL PROTECTED]
Date: Fri, 20 Dec 2002 18:19:15 -0500
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: Mutt/1.3.19i
From: "Bus Driver" <[EMAIL PROTECTED]>
Subject: Were you on the bus [EMAIL PROTECTED]
X-Rot-Version: zvxr^nfpraqrapl(arg
MIME-Version: 1.0
X-Security: MIME headers sanitized on fat_man.ascendency.net
        See http://www.impsec.org/email-tools/sanitizer-intro.html
        for details. $Revision: 1.136 $Date: 2002-10-20 10:38:14-07 
Content-Type: multipart/alternative; boundary="----=_BkymKzPF_EOQL8qx8_MA"
X-DCC-sackHeads-Metrics: fat_man.ascendency.net 1012; Body=1 Fuz1=1 Fuz2=2
X-Spam-Status: No, hits=2.5 required=5.0
        tests=JAVASCRIPT,MIME_BOUND_MA,SPAM_PHRASE_00_01,WEB_BUGS
        version=2.43
X-Spam-Level: **
X-UIDL: c6`!!SCQ"!aR0!!\]f"!

Two other questions...shouldn't these messages be listed in Razor1, 2 or dcc?  Also I 
noticed the header X-Rot-Version.  What is that?  That seems to be a common element.

...........................................
Randomly Generated Quote:
'What is youth except a man or a woman     
before it is ready or fit to be seen?'     
- -- Evelyn Waugh                            

Mike Loiterman
PGP Key 0xD1B9D18E
http://www.ascendency.net


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: This message has been digitally signed by Mike Loiterman

iQA/AwUBPgOxmGjZbUnRudGOEQJSzgCbBfXVPz+S+x5riWPFyyHcFrqDGCYAoPew
UIe0nl6hmjRO0++yz8+sSkWf
=FGym
-----END PGP SIGNATURE-----



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
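
Added example, not part of the original post: in the sample above the X-Rot-Version value and the stray tag just before </body> are the same string, and it has the shape of a ROT13-encoded address with "^" and "(" standing in for "@" and "." (an inference from the sample, not something the post states). The Python sketch below flags any header or bare tag that decodes to the recipient, plus 1x1 images; the function names, the address and the links.example.net URLs are constructed for illustration.

```python
import codecs
import email
import re

# Constructed sample shaped like the message in the post; all names are invented.
SAMPLE = '''To: alice@example.org
Subject: Were you on the bus
X-Rot-Version: nyvpr^rknzcyr(bet
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1

<html><body>
<a href="http://links.example.net/c.php?l=1&m=2">
<img src="http://links.example.net/a.jpg" width="600" height="400"></a>
<DEFANGED_IMG src="http://links.example.net/v.php?l=1&m=2" width="1" height="1">
<nyvpr^rknzcyr(bet>
</body></html>
'''

def squash(s):
    """Lower-case and drop punctuation so '^'/'(' and '@'/'.' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def is_rot13_of(value, recipient):
    """True if value, ROT13-decoded, equals the recipient ignoring punctuation."""
    want = squash(recipient)
    return bool(want) and squash(codecs.decode(value, "rot13")) == want

def web_bugs(html):
    """Return src of every 1x1 image, with or without the sanitizer's prefix."""
    found = []
    for tag in re.findall(r"<(?:DEFANGED_)?img\b[^>]*>", html, re.I):
        attrs = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', tag)}
        if attrs.get("width") == "1" and attrs.get("height") == "1":
            found.append(attrs.get("src"))
    return found

def analyse(raw, recipient):
    """Scan headers and text parts for recipient tokens and tracking pixels."""
    msg = email.message_from_string(raw)
    hits = [f"header:{n}" for n, v in msg.items() if is_rot13_of(v, recipient)]
    bugs = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("latin-1")
        hits += [f"body:<{t}>" for t in re.findall(r"<([^<>\s]+)>", text)
                 if is_rot13_of(t, recipient)]
        bugs += web_bugs(text)
    return {"rot13_recipient": hits, "web_bugs": bugs}

if __name__ == "__main__":
    print(analyse(SAMPLE, "alice@example.org"))
```

Comparing against the envelope recipient rather than the To: header is the safer choice in practice, since the To: header is under the sender's control.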