Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Messages that can't be checked by keyword?
  FAQ FAQ  Forum Search   Register Register  Login Login

Messages that can't be checked by keyword?
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
MartinC View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinC Quote  Post ReplyReply Direct Link To This Post Topic: Messages that can't be checked by keyword?
    Posted: 27 June 2003 at 7:48am

We seem to be getting good hitrates for keyword checking, even with the junk html style that spammers use. However, some standard messages that are reliably blocked 99% of the time still get through, even though there is a keyword filter that will block them (a non html commented web address for example).

Spamfilter (build 124) reports that some messages can't be checked by the keyword filter - I'm assuming that these are ones getting through.

Is it possible to block these in Spamfilter or would that be dangerous?

I know the new version has RegEx and we will be installing it probably in a fortnight... is this a better safer solution?
Back to Top
MartinC View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote MartinC Quote  Post ReplyReply Direct Link To This Post Posted: 27 June 2003 at 11:44am

actually, a minor change to the above message..

its not corrupt messages that get through, just normal htlm rigged emails for no apparent reason.

the last line of a generic viagra junk message was

<p align="center"><a href="Click'>http://www.nutbxxx.com/host/default.asp?id=1911">Cli<!--8qhfz81flz4s-->ck H<!--heyw713qcth-->ere to<!--58uykar4xo3v--> Vi<!--tiuhrh3cgio-->sit O<!--vd6sr51gnmgfi-->ur Web<!--pv3dla3flxka-->site</a></p>

on most of the keyword filters putting in http://www.nutbxxx.com would block the message 100%, but on this one and others, the vast majority get blocked, but those odd few still get through.

its just in there as plain text, not html obscured.

 
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 27 June 2003 at 12:48pm

Martin,

I STRONGLY recomend the use of RegEX.

The following, in your keyword list knocks that one right out.

(<[!--]+[a-zA-Z0-9]{11,})

I am also using the following expressions to kill "dotted IP" URL's because we feel that if a link dowsn't have a FQDN, then the gererator of the message is either lazzy or is sending Spam.

(href="http://+[\d])
(href="http://%[\d])

We are actually using ONLY regular Expressions in our Keyword list to kill the "Spam flavor" of a message, rather than "censoring" email.

Dan S.

 
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.223 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us