On Fri, 2009-07-17 at 00:04 +0200, Michelle Konzack wrote: > Good Evening, > > Am 2009-07-16 23:42:44, schrieb Karsten Bräckelmann: > > On Fri, 2009-07-17 at 00:37 +0300, Ibrahim Harrani wrote: > > > Is this rule available via updates.spamassassin.org sa-update channel? > > > > Nope. It's living in a sandbox. > > > > > > http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf > > And it does not work... :-( > > Gotten today more then 2800 of this ${STRONG_WORD_HERE}.
Have you tried my rule? I've caught 401 of them since I updated it this
morning. It's also got a little surprise for the next logical
variant...
body __MED_OB
/\bw{2,3}(?:[[:punct:][:space:]]{1,5}|[[:space:][:punct:]]{1,3}dot[[:space:][:punct:]]{1,3})[[:alpha:]]{2,6}\d{2,6}(?:[[:punct:][:space:]]{1,5}|[[:space:][:punct:]]{1,3}dot[[:space:][:punct:]]{1,3})(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body __MED_NOT_OB /\bw{2,3}\.[[:alpha:]]{2,6}\d{2,6}\.(?:com|net|
org)\b/i
meta AE_MED44 (__MED_OB && ! __MED_NOT_OB)
describe AE_MED44 Shorter rule to catch spam obfuscation
score AE_MED44 2.0
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> Systemadministrator
> Tamay Dogan Network
> Debian GNU/Linux Consultant
>
>
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
signature.asc
Description: This is a digitally signed message part
