On Monday 10 May 2004 11.07, Bartosz Fenski aka fEnIo wrote: > http://skawina.eu.org/spam.gpg > > It's almost empty message with some html and one gif picture which > includes some Viagra prices. > > And the worst thing... it is GPG signed. > > How to filter such stuff? spamassassin, from current testing: | Content analysis details: (6.1 points, 5.0 required) | | pts rule name description | ---- ---------------------- -------------------------------------------------- | -0.0 BAYES_44 BODY: Bayesian spam probability is 44 to 50% | [score: 0.4630] | 1.0 HTML_MESSAGE BODY: HTML included in message | 1.0 HTML_70_80 BODY: Message is 70% to 80% HTML | 0.1 BIZ_TLD URI: Contains a URL in the BIZ top-level domain | 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server | [194.96.20.68 listed in dnsbl.sorbs.net] | 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net | [Blocked - see <http://www.spamcop.net/bl.shtml?194.96.20.68>] | 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS | [194.96.20.68 listed in dnsbl.sorbs.net] | 1.3 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary Whereas some of the spam polluting the Debian lists scores only 1.3 or so. I'm currently looking into tweaking my scores to catch these, too, so at least I don't have to deal with spammy Debian lists. Some scores on this message are nonstandard: score HTML_MESSAGE 1 (default .1) score HTML_70_80 1 (default .1) score MIME_BOUND_NEXTPART 1.307 (default .499) I haven't tweaked my scores in the last 2 months, and I have had only two false positives recently (both were HTML messages). cheers -- vbi -- The content of this message may or may not reflect the opinion of me, my employer, my girlfriend, my cat or anybody else, regardless of the fact whether such an employer, girlfriend, cat, or anybody else exists. I (or my employer, girlfriend, cat or whoever) disclaim any legal obligations resulting from the above message. You, as the reader of this message, may or may not have the permission to redistribute this message as a whole or in parts, verbatim or in modified form, or to distribute any message at all.
Attachment:
pgpp5N7o8ZPHw.pgp
Description: signature