Hosting Provided By

Re: MP3 Spam

From: Michelle Konzack <linux4michelle(at)freenet.de>
Date: Mon Oct 22 2007 - 11:56:35 EDT

Am 2007-10-18 20:24:35, schrieb Justin Mason:
>
> UxBoD writes:
> > Does anybody have one of these, or different one, that you could upload somewhere so can do some analysis ?
>
> sure: http://taint.org/x/2007/mp3spam.txt
> anyway, these rules catch them as far as I can tell:
>
> ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
> mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n name=\"[a-z]+\.mp3\"$/s
> mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ /^inline;\n filename=\"[a-z]+\.mp3\"$/s
> mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s
> mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s
>
> meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) || (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2))

I have tried this in a sandboy on a archive (87 messages) of such spam and I had not a singel hit.

Mabe because it is

----( 1 )-------------------------------------------------------

Content-Type: audio/mpeg; filename="I love mpegs.mp3"
Content-Disposition: inline
Content-Transfer-Encoding: base64

<NL>
...here the mp3...

----( 2 )-------------------------------------------------------

<header>
Content-Type: audio/mpeg;

filename="I love mpegs.mp3"
Content-Disposition: inline
Content-Transfer-Encoding: base64
<NL>
...here the mp3...

----( 3 )-------------------------------------------------------

<header>
Content-Type: multipart/mixed; boundary="J/dobhs11T7y2rNN" <NL>

--J/dobhs11T7y2rNN

Content-Type: audio/mpeg; filename="I love mpegs.mp3"
Content-Disposition: attachment
Content-Transfer-Encoding: base64

...here the mp3...

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek

--J/dobhs11T7y2rNN--

Thanks, Greetings and nice Day

    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, 
http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)


application/pgp-signature attachment: Digital signature

Received on Mon Oct 22 11:58:26 2007

This message: [ Message body ]
Next message: gordan(at)bobich.net: "Disabling speciffic RBLs"
Previous message: Michelle Konzack: "Re: How to block the bat!"
In reply to: Justin Mason: "Re: MP3 Spam"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Jul 07 2008 - 05:16:50 EDT