Re: [SAtalk] New trick

Wed, 25 Jun 2003 08:52:53 -0700


How can you suggest incorporating a PGP into the ruleset though?

You can check if its a valid length, but then spammers will use valid PGP sigs.
You can't pointify all PGP sigs, because lots of valid mail is signed w/a PGP

So you can either:
Remove the negative points for PGP sigs -- essentially ignoring them to SA
Have a PGP + something else test -- if PGP && VIAGRA

I get a fair amount of PGP signed messages every day. So i'd look into #2 -- but I dont have the time or energy to modify that much of spamassassin -- creating a class of 'spam only' rules, then doubling their points if they contain a PGP sig (valid or not)



On Wednesday, June 25, 2003, at 10:17 AM, Jack Gostl wrote:


A message just slipped through, no text, just an image. It slipped through
with a ridiculously low score, minus .6

When I expanded the headers, I found that the message got through mostly
because of the following.

USER_AGENT_MSN     (-2.3 points) Headers indicate valid mail from MSN
PGP_SIGNATURE      (-2.3 points) Contains a PGP-signed message

I looked at the message, and found a fake PGP signature buried in the
HTML! (See below!)

<br><br>
<p><font size="2" color=white>
-----BEGIN PGP SIGNATURE-----
i3A/A9UAPmf7ZbesiT+lEZdqEQJJ6QCeJcBgl19C3ErrfhM3h7z5Kg49xU89oKHG
L79MJrvpvQ0ofECdfGbuRfwe
=u41Z
-----END PGP SIGNATURE-----
<br>


There was also almost seven lines jibberish to throw of the Bayes
recognizer.

The fake signature was a cute idea. I think it has to be incorporated into
the scoring. I'm worried about the gibberish though.

Body of the message available upon request.

--

Jack Gostl [EMAIL PROTECTED]






-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to