spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <jhar...@impsec.org>
Subject Re: No longer just embedded =9D characters in blackmail emails.
Date Thu, 06 Dec 2018 00:43:05 GMT
On Wed, 5 Dec 2018, Grant Taylor wrote:

> On 12/05/2018 03:27 PM, John Hardin wrote:
>> Take a look at replace_rules in the repo (both standard and sandboxes).
>
> Thank you for the reference.  replace_rules look very intriguing.
>
> Link - Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules
> - 
> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html
>
> I could see myself using this for a number of things.  (If / when there was 
> sufficient spam to warrant.)
>
>> The unicode replacements are fairly stable, it's looking for specific 
>> obfuscated words (like "bitcoin") that's whack-a-mole.
>
> I'll have to research this.
>
>> The problem there is, that's really strongly biased towards English text. 
>> Spanish and French, for example, would have ASCII, but it would also have a 
>> fairly high proportion of accented characters.
>
> Fair concern.  I'm going to say that I am (more than) a bit naive about that. 
> I thought there was something that included a language in a header (possible 
> one of the MIME headers) that could be used to refine the logic.

Potentially, but it's hard to use something like that in regular rule REs. 
That sort of smarts would probably need to be in a plugin.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The yardstick you should use when considering whether to support a
   given piece of legislation is "what if my worst enemy is chosen to
   administer this law?"
-----------------------------------------------------------------------
  2 days until The 77th anniversary of Pearl Harbor

Mime
View raw message