On Tue, 5 Aug 2014, Andy Balholm wrote:
On Aug 5, 2014, at 11:16 AM, John Hardin <jhar...@impsec.org> wrote:
It can hit on embedded phone numbers, which are, strictly speaking, valid
hexadecimal strings...
I suspect it's hitting on all those dates as well, and needs some more
tightening.
In the spams I’m looking at, all the hex strings are 32 characters. How long
were they in Joe’s samples (no longer on pastebin)?
I have seen examples with hex strings as short as 12-16 characters, as
well as GUID-esqe xxxx-xxxx-xxxxx-xxxx-xxxx dash-separated sequences.
That's why the HEXHASH rule is more complex than what's being suggested
here
Can some fresh samples be posted to pastebin?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no better measure of the unthinking contempt of the
environmentalist movement for civilization than their call to
turn off the lights and sit in the dark. -- Sultan Knish
-----------------------------------------------------------------------
Today: the 69th anniversary of the Hiroshima bombing
