On 10/18/11 12:12 PM, "Karsten Bräckelmann" <guent...@rudersport.de> wrote:
> On Tue, 2011-10-18 at 07:53 -0500, Daniel McDonald wrote:
>> One of my users submitted a spam for analysis, and I was amazed at the
>> efforts this troglodyte expended to poison bayes.
>> Is it worth the effort to try to find huge html comments hiding junk
>> like this?
>
> Hmm, wait -- Bayes and HTML comments in the same thought. Are you trying
> to imply the malicious Bayes tokens are inside the comment?
>
> While this kind of attack might work with other Bayesian Classifier
> implementations out there, it does NOT fool SA. The (body) Bayes tokens
> SA uses are gathered from the *rendered* body text. All HTML dropped,
> including comments.
Fair enough. I see that the url's in this message have been picked up by
invaluement and razor, so we probably have enough points to toss it in the
quarantine now anyway.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
