Rumor has it that Charles Gregory may have mentioned these words:
[snippety]
Rule:
BODY RULENAME /a string/i

Coded Rule:
BODY RULENAME /a{1,3} s{1,3}t{1,3}r{1,3}i{1,3}n{1,3}g{1,3}/i

You get the idea. This could be quite burdensome to implement manually,
but an easy enough thing to automate 'behind the scenes'.

However, if one were to do this with every body ruleset that exists,
it quite possibly could crush the SA server, as it would multiply the amount of CPU used to do a match like that, quite possibly exponentially. [1]


If there was a way of optimizing the search (or at least only doing it on the subject of the mail, not the body) it wouldn't be a bad idea, but [[ as always with this type of measure/countermeasure/countercountermeasure war ]] as soon as it was widespread, the spammers would stop this yet again, and move on to the next useful (for them) obfuscation scheme... :-/

Laterz, and happy New Year,
Roger "Merch" Merchberger

[1] Yes, in the immortal words of DJB: "Profile, don't Speculate." I am speculating, but it's at least a pretty educated guess... I honestly don't have the time to write the automation process to rewrite all the rules with what you have in mind to do a true profile...

--
Roger "Merch" Merchberger   | A new truth in advertising slogan
sysadmin, Iceberg Computers | for MicroSoft: "We're not the oxy...
[EMAIL PROTECTED]          |                         ...in oxymoron!"
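
The automated rewrite and the profile discussed in this message, as an added example that is not part of the original post or of SpamAssassin: it expands a literal rule into the {1,3} form shown above and times both versions on a constructed body. The names stretch_rule, compile_rule and profile are hypothetical, and Python's re module stands in for the Perl regex engine, so the timings are only indicative.

```python
import re
import timeit

# Matches the rule layout used in this thread: TYPE NAME /pattern/flags
RULE_RE = re.compile(r'^(?P<type>\w+)\s+(?P<name>\w+)\s+/(?P<pat>.*)/(?P<flags>[a-z]*)$')

# Constructed sample body: filler text with one letter-doubled phrase at the end.
SAMPLE_BODY = ("lorem ipsum dolor sit amet as strong a stream " * 500
               + "this is AA SSttrriinngg to catch")

def stretch_rule(rule: str, max_repeat: int = 3) -> str:
    """Rewrite a literal-string rule so every non-space character may repeat."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("not in 'TYPE NAME /pattern/flags' form")
    pat = m['pat']
    # Only plain literals are handled; real rules with metacharacters are skipped.
    if not re.fullmatch(r'[A-Za-z0-9 ]+', pat):
        raise ValueError("only plain literal patterns are handled")
    coded = ''.join(c if c == ' ' else f'{c}{{1,{max_repeat}}}' for c in pat)
    return f"{m['type']} {m['name']} /{coded}/{m['flags']}"

def compile_rule(rule: str) -> "re.Pattern":
    """Compile the /pattern/flags part of a rule (only the 'i' flag is honoured)."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("not in 'TYPE NAME /pattern/flags' form")
    return re.compile(m['pat'], re.I if 'i' in m['flags'] else 0)

def profile(rule: str, body: str = SAMPLE_BODY, runs: int = 200):
    """Return (seconds_plain, seconds_coded) for `runs` searches of `body`."""
    plain = compile_rule(rule)
    coded = compile_rule(stretch_rule(rule))
    t_plain = timeit.timeit(lambda: plain.search(body), number=runs)
    t_coded = timeit.timeit(lambda: coded.search(body), number=runs)
    return t_plain, t_coded

if __name__ == "__main__":
    rule = "BODY RULENAME /a string/i"
    print(stretch_rule(rule))
    t_plain, t_coded = profile(rule)
    print(f"plain {t_plain:.4f}s  coded {t_coded:.4f}s  ratio {t_coded / t_plain:.1f}x")
```
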


