>From [EMAIL PROTECTED] Thu Jan 22 20:18:10 2004
Date: Thu, 22 Jan 2004 20:18:08 -0800
From: Robert Menschel <[EMAIL PROTECTED]>
To: Regis Wilson <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [SAtalk] [RD] spammers write rules for us
>Hello Regis,
>RW> Got a spam that's so easy, the spammers write the rules for us:
>
>RW> Message-ID:
>RW> <[EMAIL PROTECTED]>
>
>RW> So,
>
>RW> header MESSAGEID_RATWARE ALL =~
>RW> /\nMessage-ID:.<[^-]{7,13}-[^-]{3,11}-[^-]{2,6}/i
>RW> describe MESSAGEID_RATWARE Message-ID has ratware pattern
>RW> score MESSAGEID_RATWARE 0.5
>
>MESSAGEID_RATWARE -- 13479s/973h of 91714 corpus (74113s/17601h) 01/22/04
>
>Hits almost a thousand ham here. 93% of the hits are spam, which is very
>promising. Tighten up the rule a little bit, and we'll probably have a
>winner.
>
As soon as I sent it, I realised a basic error. I used [^-] out of sheer
laziness of not using [A-Z0-9]. Therefore,
header MESSAGEID_RATWARE \
Message-ID: =~ /<[A-Z0-9]{7,13}-[A-Z0-9]{3,11}-[A-Z0-9]{2,6}/i
This removes the $%# characters that some MTAs likely use. However I still
feel the pattern will have false-positives, so the score must be kept low.
If only they had given away the rest of their ratware pattern, after the
'@'. Drats.
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
