Print Page | Close Window

Keywords have no effect

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=425
Printed Date: 05 February 2025 at 1:56pm


Topic: Keywords have no effect
Posted By: Guests
Subject: Keywords have no effect
Date Posted: 08 May 2003 at 9:34am

Hi.
I'm new to the SPAM filter software and I am evaluating it for our company. It seems that even though I have matching words in the keywords.txt file, some mails are still passing through. I have tried different ways to match the words in the mail, but without any luck

Fx. A mail contains the phrase 'Enhance your lovelife, free Penis Enlargement herbs!!'

I have tried to use:
penis enlargement
Penis Enlargement
penis,enlargement

and a combination of the above - without luck. Am I doing something wrong here?? The only thing I have in the Whitelist settings are my local domain info. It works most of the time, but not always..

Any idea appreciated.
M Cegrell


Replies:
Posted By: LogSat
Date Posted: 08 May 2003 at 12:51pm

If you can email us your spamfilter.ini file and keyword.txt file, along with a couple of messages that made it thru, and finally your spamfilter logfile for the timeframe when this occurred, we'll take a look. Please indicate also which version of SpamFilter you are using.

Roberto Franceschetti
LogSat Software

Posted By: Guests
Date Posted: 09 May 2003 at 12:40am

Hi,

I was having the problem. Just for my own info I took a llok at the source code on the emails that made it past the keyword filter and found that what caused the email to get by the filter was random code inserted in the email ie.

SEE THE PRE<!--18812-->VIEW OF THE G<!--3477-->IRLS WE HAVE TO OF<!--8929-->FER YOU.  GET READY TO EN<!--31219-->JOY! 
</a><br><br>
<hr><i><font size="-1">
This is NOT SP<!--12026-->AM - You have received this e-mail because at one time or
another you ent<!--6575-->ered the we<!--32553-->ekly draw at one of our portals or FFA s<!--10692-->ites.

This is just one of the many ways that the spamers are using to bypass the keyword filtering

Once I found this I put the first part of the code in.

<!--1

<!--2

This seems to be working on this method used by the spammers.

Here is another one of the snippits of code used to bypass the keyword filter.

If you do<!edr> n<!edr>ot wish to re<!edr>ceive further mai<!edr>lings,

As you can see, by inserting these snipits of code between the letter of the banned words, the email will get through.

I have also seen emails with random snippits inserted in the emails. ie <k1oojap> <kl38gjh30> <j3iondf843>.

These are harder to filter since the combinations possible are endless. Since I don't know how they are generating these on the fly, it makes it a time consuming proposition to create keywords to block them.

Some kind of smart filtering engine that could learn or be taught to detect this kind of pattern and block the emails would be a great feature for SpamFilterISP to have.

George

Posted By: Guests
Date Posted: 09 May 2003 at 5:56am
Thanks! This is what I found out too when I examined the mails more closely. I guess the Spammers are a few steps ahead still..

Posted By: Guests
Date Posted: 09 May 2003 at 6:05am
The problem seems to be that the words are HTML encoded in a way I don't fully understand. Do you have a HTML interpreter in upcoming releases - It would certainly help a lot!


Print Page | Close Window