As you can see there's extensive use of a white font color which obscures the many random words that have been inserted in order to subvert signature checking.
Actually, that kind of behavior is intended more to be bayes poison than a razor avoider (although it's good at both). They've picked a random set of words which are mostly "higher education" type words which will usually only appear in serious emails. Since those words will likely be strong non-spam tokens in a bayes database, they've just earned themselves a bayes equivalent of whitelisting.
How often have you seen spam make use of the words like tarpaulin, scarify, ethology, and posterior? Heck, scarify wasn't a word I even knew existed :)
Also of note it looks like the thing has some bugs in it.. it would appear that $RANDOMIZE is intended to be replaced with random words, but in a few spots, a $RANDOMIZE got split with a newline in between. It might be interesting to do a rule to look for it which has some \s?'s added in.
Something like this rule (note: untested, just conceptual off the top of my head)
body LOCAL_RANDOMIZE_SPLIT /\$R\s?A\s?N\s?D\s?O\s?M\s?I\s?Z\s?E/
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
