"Gary Funck" <gary@intrepid.com> writes:
> Is there a place we can send particularly inspired spam, that might be
> fodder for SA test cases? This one dropped in under the rader. It has
> mangled html, really, really tiny fonts, a subject in a modified font,
> and excerpts from news articles to add spice.
It is perhaps fodder for rule-specific test cases. That gets a score
with 6 in HEAD and the score will be very likely be higher when the
scores are optimized so we're doing okay.
FORGED_OUTLOOK_TAGS
HTML_30_40
HTML_BADTAG_70_80
HTML_FONT_BIG
HTML_MESSAGE
HTML_NONELEMENT_90_100
HTML_OBFUSCATE_50_60
LINES_OF_YELLING
LINES_OF_YELLING_2
MIME_HTML_ONLY
T_ALL_TRUSTED
T_BACKHAIR2_1_1
... many BACKHAIR rules ...
T_BACKHAIR_6_2
T_HTML_TAG_BALANCE_DIV_1
T_HTML_TAG_BALANCE_DIV_2
T_HTML_TAG_BALANCE_FONT_0
T_HTML_TAG_BALANCE_FONT_1
T_HTML_TAG_BALANCE_FONT_2
I think the bigger fodder is writing new rules if there are any
obfuscation techniques not already found.
Given that this is just a missed spam, it's really more of a question
for sa-users unless you have a rule to propose. Any discussion of spam
techniques here really needs to take into account the code in SVN.
--
Daniel Quinlan anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/ and open source consulting
message-rfc822.eml (6.98 KB)