Ed Weinberg wrote:
What version are you running? 2.43 includes the following:I am surprised that SA does not recognize spam sent by FormMail.pl. Back around 1987 a 15 year old kid named Matt Wright wrote a FormMail script. The original insecure version is still in use on a million sites (no exageration). Spammers figured out how to send email through it. Each stock script starts the email with the following format (including the dashed line).:=====================START EXAMPLE============================== Below is the result of your feedback form. It was submitted by [EMAIL PROTECTED] ([EMAIL PROTECTED]) on Tuesday, January 14, 2003 at 02:05:11 --------------------------------------------------------------------------- =====================END EXAMPLE==============================
20_body_tests.cf:body BUGGY_CGI /Below is the result of your feedback form/
...which is given a score of 2.786.
Of course, don't forget that legitimate email does come from formail.pl (especially the fixed versions), so, as with most rules, this is only a possible indicator of spam.
Also, there's a few language variations of the script out there...
--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_________________________________________________________
-------------------------------------------------------
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
