On Thu, 26 Jun 2003, Matt Kettler wrote:

> At 08:51 AM 6/26/03 -0400, Jack Gostl wrote:
> >That PGP sig buried in HTML sticks out like a sore thumb.
> 
> 
> Even better, if you check my post from 6/14, most of these have a PGP 
> signature block, but are without a "begin pgp signed message" block..
> 
> Try this meta rule pair for a starter. I can't guarantee that it doesn't 
> have FP cases, but it seems to do the trick for many of these spams.
> 
> ------------------------
> 
> body __LOCAL_PGP_SIGNED_MESSAGE       /-----BEGIN PGP SIGNED MESSAGE-----/
> 
> meta LOCAL_PGP_SIGNATURE_ABUSED       PGP_SIGNATURE && 
> !__LOCAL_PGP_SIGNED_MESSAGE
> score LOCAL_PGP_SIGNATURE_ABUSED      4.6
> 
> 
> Note: i used 4.6 as a score for this, to effectively flip the -2.3 of the 
> PGP_SIGNATURE rule into a +2.3. It's still not enough to tag the message, 
> but it's a start.

What really worries me is the growing number of messages between 4.5 and
5. Many of these already have a Bayes score of 90+.

-- 

Jack Gostl      [EMAIL PROTECTED]



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to