Bug 4166 - Some fairly obvious spams are not detected
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin
Version: 3.0.2
Hardware: All All
Importance: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Reported: 2005-03-02 06:01 UTC by Bernhard Rosenkraenzer
Modified: 2005-03-01 21:43 UTC (History)

Attachment Type Modified Status Actions Submitter/CLA Status
sample spam message/rfc822 None Bernhard Rosenkraenzer [NoCLA]
sample spam message/rfc822 None Bernhard Rosenkraenzer [NoCLA]
sample spam message/rfc822 None Bernhard Rosenkraenzer [NoCLA]

Description Bernhard Rosenkraenzer 2005-03-02 06:01:24 UTC
I'll attach some fairly obvious spams that got through spamassassin 3.0.2, 
along with some suggestions for rules to detect them.
Comment 1 Bernhard Rosenkraenzer 2005-03-02 06:04:12 UTC
Created attachment 2675
sample spam

Ways to detect:

"This letter may come( to you|) (in|as a) surprise"
"through my search of reputable persons and companies"
"My name is.*minister of"
Comment 2 Bernhard Rosenkraenzer 2005-03-02 06:06:32 UTC
Created attachment 2676
sample spam

Possible ways to detect:

To: "Something that is not even related to my name [maybe check /etc/passwd for
the right name?]" <my@address>

"If you want to shop.*check our site"
"discount on quality ink products"
Comment 3 Bernhard Rosenkraenzer 2005-03-02 06:08:40 UTC
Created attachment 2677
sample spam

Possible ways to detect:

- Obfuscated words (SU-per Hu^ge) in subject
- "on'line pharmacies"
- Obfuscated "Visit us today"
- "This is 1 -time mailing. N0-re m0val are re'qui-red" (obfuscated removal
message)
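
An added example, not part of the original comments or of SpamAssassin: the phrase patterns suggested in Comments 1 and 2, plus a de-obfuscation check for the cases listed in Comment 3, run over constructed sample text. The rule names, the look-alike digit map and the sample messages are assumptions made for this illustration; it is Python, not SpamAssassin rule syntax.

```python
import re

# Phrase patterns exactly as quoted in Comments 1 and 2; the rule names are made up here.
PHRASE_RULES = {
    "SURPRISE_LETTER": r"This letter may come( to you|) (in|as a) surprise",
    "REPUTABLE_SEARCH": r"through my search of reputable persons and companies",
    "MINISTER_NAME": r"My name is.*minister of",
    "SHOP_CHECK_SITE": r"If you want to shop.*check our site",
    "INK_DISCOUNT": r"discount on quality ink products",
}
# Plain forms of the obfuscated phrases listed in Comment 3.
OBFUSCATION_TARGETS = ["super huge", "online pharmacies", "visit us today",
                       "removal", "required"]
# Assumed digit-for-letter substitutions; only "0" for "o" appears on the page.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e"})


def phrase_hits(text):
    """Names of phrase rules matching the whitespace-collapsed text, ignoring case."""
    flat = " ".join(text.split())
    return sorted(n for n, p in PHRASE_RULES.items() if re.search(p, flat, re.I))


def squeeze(text):
    """Lower-case, undo look-alike digits, then drop everything except letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def obfuscated_hits(text):
    """Targets present only after squeezing, i.e. spelled with filler characters."""
    flat, squeezed = " ".join(text.lower().split()), squeeze(text)
    return [t for t in OBFUSCATION_TARGETS
            if squeeze(t) in squeezed and t not in flat]


# Constructed samples (not the attachments from this bug).
SAMPLE_419 = ("This letter may come to you as a surprise.\nMy name is Dr. Example, "
              "former minister of finance. I got your contact through my search "
              "of reputable persons and companies.")
SAMPLE_PILLS = ("Subject: SU-per Hu^ge savings\n\nTry our on'line pharmacies.\n"
                "This is 1 -time mailing. N0-re m0val are re'qui-red")
SAMPLE_HAM = "Removal of the old printer is required before Friday."

if __name__ == "__main__":
    for name in ("SAMPLE_419", "SAMPLE_PILLS", "SAMPLE_HAM"):
        body = globals()[name]
        print(name, phrase_hits(body), obfuscated_hits(body))
```

Because squeezing removes spaces, a short target can match across two adjacent ordinary words, so a hit is better treated as one scoring signal than as a verdict.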
Comment 4 Jeff Chan 2005-03-02 06:35:45 UTC
Bugzilla isn't a great place to post spams unless they indicate a new class
of spam or a design flaw in SpamAssassin.  The attached Nigerian 419 spam can 
probably be detected by existing rules, and the two spams with URIs can be 
detected with URIDNSBL.  Both web sites advertised in those two spams have
domains that are listed in SURBLs, and would easily be detected if you're using 
network tests.  Please see 99_sare_fraud_*.cf:

  http://www.rulesemporium.com/rules.htm
  http://www.surbl.org/faq.html#nettest
  http://wiki.apache.org/spamassassin/DoYouWantMySpam

If you need more help with these I'd suggest asking on the spamassassin-users 
mailing list.
Comment 5 Sidney Markowitz 2005-03-02 06:43:03 UTC
As the previous comment mentioned, please see this FAQ on the SpamAssassin wiki:

http://wiki.apache.org/spamassassin/DoYouWantMySpam

Closing as INVALID