Looks like its time to upgrade this will likely catch the darn pic.gif stuff to then???
Chris? CT ----- Original Message ----- From: "Justin Mason" <[EMAIL PROTECTED]> To: "Chris Santerre" <[EMAIL PROTECTED]> Cc: "Spamassassin-Talk (E-mail)" <[EMAIL PROTECTED]> Sent: Thursday, August 28, 2003 1:37 PM Subject: Re: [SAtalk] [RD] this is the spam I'm fighting, and why rules don't hit. > > Chris Santerre writes: > > I finally got one of these boogers above a 7 so I had the raw in my trap. > > Take a look at this raw mbox email and why SA rules don't hit. The MUA > > decodes the email and shows the spam when read. After the ************* is > > what the decoded base64 looks like. Headers don't matter. I've looked at > > them all. No pattern, always different, either DSL or open relay. Don't tell > > me to use an RBL or I'll send the tree ents after you!!! (Guess what movie I > > watched last night?) ;) > > 2.60 sees it just fine: > > Spam detection software, running on the system "jalapeno", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or block > similar future email. If you have any questions, see > @@CONTACT_ADDRESS@@ for details. > > Content preview: URI:*http:/internet-generic-pharmacy.com/remove REMOVE > ME NOW PLEASE URI:http://wWW.LibiDO-HeALTH.NET/af%66i%6C/n%6D/?i%644 > URI:http://ImG.lIBIDo-HEALtH.NEt/n%6D/%6E%6d%2D%69%6d%67.%6Ap%67 [...] > > Content analysis details: (8.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------- ------ > 0.5 REMOVE_REMOVAL_2WORD BODY: List removal information > 0.5 HTML_60_70 BODY: Message is 60% to 70% HTML > 1.8 BAYES_60 BODY: Bayesian spam probability is 60 to 70% > [score: 0.6314] > 1.2 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME > 0.1 HTML_MESSAGE BODY: HTML included in message > 1.5 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words > 1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding > 1.0 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset > 0.5 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a URL > > --j. > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
