On Thu, 26 Jun 2003, Matt Kettler wrote:

> At 08:51 AM 6/26/03 -0400, Jack Gostl wrote:
> >That PGP sig buried in HTML sticks out like a sore thumb.
> >
>
> Even better, if you check my post from 6/14, most of these have a PGP
> signature block, but are without a "begin pgp signed message" block.
>
> Try this meta rule pair for a starter. I can't guarantee that it doesn't
> have FP cases, but it seems to do the trick for many of these spams.
>
> ------------------------
>
> body __LOCAL_PGP_SIGNED_MESSAGE /-----BEGIN PGP SIGNED MESSAGE-----/
>
> meta LOCAL_PGP_SIGNATURE_ABUSED PGP_SIGNATURE && !__LOCAL_PGP_SIGNED_MESSAGE
> score LOCAL_PGP_SIGNATURE_ABUSED 4.6
>
>
> Note: I used 4.6 as a score for this, to effectively flip the -2.3 of the
> PGP_SIGNATURE rule into a +2.3. It's still not enough to tag the message,
> but it's a start.

What really worries me is the growing number of messages between 4.5 and 5.
Many of these already have a Bayes score of 90+.

--
Jack Gostl [EMAIL PROTECTED]

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
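
The logic of the quoted rule pair, run over three constructed messages to show the net score each one gets. This is an added example, not code from the thread or from SpamAssassin; it assumes PGP_SIGNATURE fires on the `-----BEGIN PGP SIGNATURE-----` armor line, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Scores quoted in the thread: PGP_SIGNATURE -2.3, LOCAL_PGP_SIGNATURE_ABUSED 4.6.
SCORES = {"PGP_SIGNATURE": -2.3, "LOCAL_PGP_SIGNATURE_ABUSED": 4.6}

# Assumption: PGP_SIGNATURE fires on the ASCII-armor signature header line.
SIG_RE = re.compile(r"-----BEGIN PGP SIGNATURE-----")
SIGNED_RE = re.compile(r"-----BEGIN PGP SIGNED MESSAGE-----")


def text_body(raw):
    """Decode and join the text/* parts, so HTML bodies are searched too."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def pgp_rule_hits(raw):
    """Names of the PGP-related rules that fire on a raw message."""
    body = text_body(raw)
    if not SIG_RE.search(body):
        return []
    hits = ["PGP_SIGNATURE"]
    if not SIGNED_RE.search(body):  # signature block with nothing it could sign
        hits.append("LOCAL_PGP_SIGNATURE_ABUSED")
    return hits


def pgp_score(raw):
    """Net score contribution of the PGP rules, rounded to one decimal."""
    return round(sum(SCORES[name] for name in pgp_rule_hits(raw)), 1)


# Constructed sample messages (not real mail, not real signatures).
SIG = "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTED\n-----END PGP SIGNATURE-----\n"
CLEARSIGNED = ("Subject: notes\nContent-Type: text/plain\n\n"
               "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nMeeting at ten.\n" + SIG)
HTML_SPAM = ("Subject: offer\nContent-Type: text/html\n\n"
             "<html><body><p>Limited offer</p>\n" + SIG + "</body></html>\n")
UNSIGNED = "Subject: hi\nContent-Type: text/plain\n\nNo PGP here.\n"

if __name__ == "__main__":
    for name, raw in (("clearsigned", CLEARSIGNED), ("html spam", HTML_SPAM), ("unsigned", UNSIGNED)):
        print(f"{name:12} {pgp_rule_hits(raw)} {pgp_score(raw):+.1f}")
```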