Daryl C. W. O'Shea wrote:
> On 8/6/2006 7:50 AM, decoder wrote:
>> Hello there,
>>
>> I recently had the idea to write a plugin which scans for
>> obfuscated words according to a given list of words which are
>> often obfuscated (to avoid simple word filters). Looking at most
>> of my spam, spammers always seem to obfuscate the same words,
>> knowing what the filters are looking for.
>>
>> So I wanted to write a deobfuscator which finds out, given a list
>> of words from a configuration file, if the mail contains any of
>> these words but obfuscated. This could be combined with OCR too,
>> to recognize obfuscated gif spam.
>>
>>
>> Writing that doesn't seem a problem to me, so what do you think,
>> could this be useful? :)
>
> ReplaceTags plugin?

No, ReplaceTags is not that advanced, as I understood it. If I got that
correctly, it detects pre-specified obfuscation (with the character
classes and the regex) and additionally, for example, wouldn't detect
characters left out. Also, the rules look ugly because the whole regex
stuff is done in the configuration. My approach was to give the plugin
words, and the plugin determines by itself whether these words occur in
the mail in an obfuscated manner (without such complex regex rules and
character classes etc., based on how spammers commonly obfuscate).

I'll try to write a demo file and will then post it to the mailing
list. If it is bullshit then, I still learned some Perl from it ;)

Best regards,

Chris

(Daryl, sorry for double posting, forgot to CC the list :))
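The word-list idea described in the message above, sketched as an added example (not code from this thread or from SpamAssassin, and written in Python rather than as a Perl plugin). The substitution table, the separator limit, the one-omitted-letter rule and all function names are assumptions made for illustration.

```python
import re

# Constructed substitution table: characters commonly swapped in for a letter.
LOOKALIKES = {"a": "4@", "e": "3", "i": "1!|", "l": "1|", "o": "0",
              "s": "5$", "t": "7+"}
SEP = r"[\W_]{0,2}"  # assumption: at most two filler characters between letters


def _letter_class(ch):
    """Character class matching a letter or any of its lookalikes."""
    return "[" + "".join(re.escape(c) for c in ch + LOOKALIKES.get(ch, "")) + "]"


def _variants(word):
    """The word itself, then (for words of 5+ letters) each form with one
    interior letter left out, which covers the 'characters left out' case."""
    yield word
    if len(word) >= 5:
        for i in range(1, len(word) - 1):
            yield word[:i] + word[i + 1:]


def compile_word(word):
    """Derive the matching pattern from the plain word, so the configuration
    only has to list words, not regexes."""
    alts = [SEP.join(_letter_class(c) for c in v)
            for v in dict.fromkeys(_variants(word.lower()))]
    return re.compile(r"(?<![a-z0-9])(?:" + "|".join(alts) + r")(?![a-z0-9])",
                      re.IGNORECASE)


def find_obfuscated(text, words):
    """Return (word, matched_text) pairs for obfuscated occurrences only."""
    hits = []
    for word in words:
        for m in compile_word(word).finditer(text):
            if m.group(0).lower() != word.lower():  # plain spelling is not a hit
                hits.append((word.lower(), m.group(0)))
    return hits


# Constructed sample message body.
SAMPLE = ("Cheap V.i.a.g.r.a and c1alis here, vigra too. "
          "We discussed viagra spam filters.")

if __name__ == "__main__":
    for word, seen in find_obfuscated(SAMPLE, ["viagra", "cialis"]):
        print(f"{word}: {seen!r}")
```

Short watch words and loose separators raise the false-positive rate (for example, "via gra" would match), so a rule built on this would be scored rather than treated as decisive.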
