At 02:16 2003-09-24 +0100, Alan Clifford did say:
On Tue, 23 Sep 2003, Dick Adams wrote:
DA> At the end of the subject line of some spam, there are
DA> several spaces followed by four numbers. Does anyone
DA> have a recipe for detecting this?
DA>
I just look for several spaces followed by a character.
That's totally different than what was being asked for (and admittedly, I
failed to include a check for spaces BEFORE the numeric). I have other
rules in my spam.rc which check for an "abundance of whitespace in the
subject":
# Abundance of leading whitespace on Subject
# we provide for an allowance of 4 (though tabs are counted equal to space)
# Note: we don't use SUBJECT variable, because that has leading whitespace
# removed when it was initially extracted.
:0
* -4^0
* ^Subject:\/[ ]*
* 1^1 MATCH ?? [ ]
{
SPAMVAL="+50"
SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} Advisory - excess of
leading whitespace on subject ($=)${NL}"
}
# this time, we DO use the variable, but we check for an EOL anchored
# run (poss with a blurb code hanging there).
:0
* -4^0
* SUBJECT ?? \/[ ]*[^ ]*$
* 1^1 MATCH ?? [ ]
{
SPAMVAL="+50"
SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} Advisory - excess of
inline whitespace on subject ($=)${NL}"
}
# 20030414/1107 SBS
# from handsonhowto
# Spammer's embedded space trick -- you know the ones:
# Subject: Hot chix! xjks4h
# Schlepped from elsewhere
:0
* ^Subject:[ ].*[^
].*[ ][ ][ ][ ][ ][ ][ ].*
{
SPAMVAL="+50"
SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} Advisory - embedded space
on subject${NL}"
}
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail