spamassassin-users mailing list archives

From "Kevin A. McGrail" <kmcgr...@apache.org>
Subject Re: 9D character used in words to avoid detection.
Date Sat, 17 Nov 2018 00:41:13 GMT
Yeah, there is a SCC SHORT WORDS rule and a KAM_ZWNJ in KAM.cf.  Please let
me know if those help.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Fri, Nov 16, 2018 at 7:37 PM John Hardin <jhardin@impsec.org> wrote:

> On Fri, 16 Nov 2018, Mark London wrote:
>
> > I just received a spam email with the 9D character placed inside of words,
> > that prevented my custom BODY rules from being hit.  I.e.:
> >
> > Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready
> > change=9Dd it.
> >
> > Is there a way to define BODY rules, so that they will be triggered?
> > Thanks.
>
> No, that would be way too much work; take a look at __UNICODE_OBFU_ZW in
> my sandbox. It isn't performing well in masschecks so I expect this tactic
> isn't widespread (yet?)
>
> I suppose I should expose it as scored in case it becomes popular...
>
>
> --
>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>   jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>    From the Liberty perspective, it doesn't matter if it's a
>    jackboot or a Birkenstock smashing your face.         -- Robb Allen
> -----------------------------------------------------------------------
>   596 days since the first commercial re-flight of an orbital booster (SpaceX)
>
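
The obfuscation discussed in this thread, shown as an added example that is not part of the original messages and is not the code of the SpamAssassin or KAM.cf rules named above. It decodes the quoted-printable sample, strips invisible characters before a body pattern is applied, and counts the words that carried them; it also covers the common zero-width code points, which goes beyond the single 0x9D byte in the report. The Latin-1 charset, `CUSTOM_RULE` and the `min_words` threshold are assumptions made for illustration.

```python
import quopri
import re

# Characters that render as nothing in most mail clients. U+009D is what the
# 0x9D byte from the thread becomes when read as Latin-1 (assumption: the
# page does not give the charset of the original spam). The others are the
# usual zero-width and soft-hyphen code points.
INVISIBLE = "\u009d\u00ad\u200b\u200c\u200d\u2060\ufeff"
INVISIBLE_RE = re.compile("[" + INVISIBLE + "]")
# One or more invisible characters directly after an ASCII letter.
IN_WORD_RE = re.compile("(?<=[A-Za-z])[" + INVISIBLE + "]+")

# Hypothetical stand-in for a site's custom body rule.
CUSTOM_RULE = re.compile(r"\bchange it\b", re.IGNORECASE)

# Quoted-printable sample from the thread, joined onto one line.
SAMPLE_QP = (b"Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, "
             b"o=9Dr a=9Dlready change=9Dd it.")

def decode_body(qp_bytes, charset="latin-1"):
    """Undo the quoted-printable transfer encoding, then decode to text."""
    return quopri.decodestring(qp_bytes).decode(charset, errors="replace")

def analyse(text, min_words=3):
    """Strip invisible characters and count the words that carried them."""
    words = text.split()
    obfuscated = [w for w in words if IN_WORD_RE.search(w)]
    return {
        "cleaned": INVISIBLE_RE.sub("", text),
        "total_words": len(words),
        "obfuscated_words": len(obfuscated),
        # min_words is a constructed threshold, not a tuned score.
        "suspicious": len(obfuscated) >= min_words,
    }

if __name__ == "__main__":
    raw = decode_body(SAMPLE_QP)
    result = analyse(raw)
    print("rule on raw text:    ", bool(CUSTOM_RULE.search(raw)))
    print("rule on cleaned text:", bool(CUSTOM_RULE.search(result["cleaned"])))
    print(result)
```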
