On Wed, 15 Jun 2016, jaso...@mail-central.com wrote:
For example, here's a body snippet from one of those 'tortured' spams
-----
#hearthrugs-tablecloths-dishcovers-coalscuttles-a {
pl=
ay-during: auto;
page-break-before: auto
}</style><title>Succes=
sful women join us and become even more successful...</title><DEFANGED_meta
content=
=3D"IE=3Dedge" http-equiv=3D"X-UA-Compatible"/><DEFANGED_meta
content=3D"width=3Ddev=
ice-width, initial-scale=3D1" name=3D"viewport"/>
-----
Notice that the phrase "Successful women" is (1) line-broken, and (2) contains a
"=" separator
That's (more or less) "Quoted Printable" encoding. I don't think that by
itself will be at all useful as a spam sign unless you're looking for QP
line breaks at something less than the QP spec line length, and ISTR
there's already a rule for that.
How would I write a body rule to match on
"
Succes=
sful women
"
and all the possible line-broken and "="-delimited variations? There's
obviously a lot of them.
That would have to be a rawbody rule and would be hugely inefficient
because (1) you can't predict some small set of words that will be broken
that way and (2) all the possible break locations in all those words.
Strongly discouraged.
Does SA *already* do some sort of fuzzy matching?
No, for the reasons noted above.
There is something else in that sample that *may* be a somewhat useful
spam sign, the style name:
#hearthrugs-tablecloths-dishcovers-coalscuttles-a {
A long style name consisting of long dash-broken subwords *might* be
unusual enough for a while to give a point.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #9: Accuracy is relative: most combat
shooting standards will be more dependent on "pucker factor" than
the inherent accuracy of the gun.
-----------------------------------------------------------------------
3 days until SWMBO's Birthday
