On Fri, 5 Oct 2018, Zinski, Steve wrote:
Yes, absolutely.
OK, cleaned up a bit and checked in. We'll see what masscheck thinks...
On 10/5/18, 1:42 PM, "John Hardin" <jhar...@impsec.org> wrote:
On Fri, 5 Oct 2018, Zinski, Steve wrote:
> Here's how I'm blocking bitcoin emails with Unicode characters embedded:
>
> body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
> body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i
> body __BTC3 /\b\W*b\W*t\W*c\W*\b/i
> body __BTC4
/\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i
> meta LOCAL_BITCOIN ( __BTC1 && ( __BTC2 || __BTC3 || __BTC4 ) )
> score LOCAL_BITCOIN 10.0
>
> Works like a charm in my environment.
To clarify: I added a rule for general obfuscation using the zero-width
Unicode glyph. It's not bitcoin-specific.
With your permission I can add that to my sandbox and see how it does in
masscheck.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Venezuela is busy reaping the benefits of Socialism:
in one year 75% of the population has, on average, lost 19 pounds
due to insufficient food, and 82% of households are below the
poverty line. (2016 Venezuelan "Living Conditions Survey")
-----------------------------------------------------------------------
554 days since the first commercial re-flight of an orbital booster (SpaceX)
