On Fri, 29 Jun 2018, Alex wrote:

On Thu, Jun 28, 2018 at 3:59 PM, Zinski, Steve <szin...@richmond.edu> wrote:

These sextortion scammers are clever. So, instead of filtering on the word
“bitcoin”, I now filter on a bitcoin regex (see below) and some other words
such as “pixel”, “virus”, etc. which are always a part of the sextortion
message.

body      __BITCOIN          /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/


This rule is creating false positives:

If your email program has trouble displaying this email, view it as a web
page   [
http://s255356359.t.en25.com/e/es?s=255356359&e=6361&elqTrackId=78D8A052C380BCBFF284D754BEBE9730&elq=1dc278553a2445bb88bcc9b73bf4ef85&elqaid=57&elqat=1
]

@steve: could you pastebin a couple of sextortion spamples for me pls? Thanks.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The tree of freedom must be freshened from time to time
  with the blood of tyrants and tyrannosaurs.
                     -- DW, commenting on the GM6 Lynx .50BMG bullpup
-----------------------------------------------------------------------
 5 days until the 242nd anniversary of the Declaration of Independence
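
Added example, not part of the original thread or of anyone's posted rules: a Python sketch of why the `__BITCOIN` pattern fires on the tracking URL quoted above, and how a Base58Check checksum test separates that token from a real address. The checksum step, the function names and the scam sentence are assumptions made here; the sample address is the widely published Bitcoin genesis-block address.

```python
import hashlib
import re

# Pattern copied from the __BITCOIN rule quoted in the thread.
BITCOIN_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def is_base58check_address(candidate: str) -> bool:
    """True only if candidate decodes to 25 bytes with a valid checksum."""
    n = 0
    for ch in candidate:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")  # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    payload, checksum = raw[:21], raw[21:]
    # Version 0x00 is P2PKH ("1..."), 0x05 is P2SH ("3...").
    if payload[0] not in (0x00, 0x05):
        return False
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum

def classify(body: str):
    """Return (regex_hits, checksum_valid_hits) for a message body."""
    hits = BITCOIN_RE.findall(body)
    return hits, [h for h in hits if is_base58check_address(h)]

# The tracking URL from the false-positive report in the thread.
FP_BODY = ("view it as a web page [ http://s255356359.t.en25.com/e/es?"
           "s=255356359&e=6361&elqTrackId=78D8A052C380BCBFF284D754BEBE9730"
           "&elq=1dc278553a2445bb88bcc9b73bf4ef85&elqaid=57&elqat=1 ]")
# Constructed sentence (hypothetical wording) around the genesis-block address.
SCAM_BODY = "Send $500 to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours."

if __name__ == "__main__":
    for name, body in (("newsletter", FP_BODY), ("constructed scam", SCAM_BODY)):
        regex_hits, valid = classify(body)
        print(f"{name}: regex matched {regex_hits}, checksum-valid {valid}")
```

The `elq=` value is 32 lowercase hex characters that start with `1` and happen to contain no `0`, so it fits the Base58 character class and length range; only the checksum distinguishes it from an address.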
