spamassassin-users October 2010 archive
spamassassin-users: Re: Babes in blue spam

From: Karsten Bräckelmann <guenther_at_nospam>
Date: Tue Oct 12 2010 - 21:01:07 GMT
To: users@spamassassin.apache.org

On Tue, 2010-10-12 at 15:09 -0500, mdunlap wrote:
> I've had problems sa-learning some particular emails that have some ASCII
> escape characters, I've been getting this email that passes right through
> the filter Subject: (¯`·._..babes_in_blue^(TM).._.·´¯) sa-learn won't
> recognize it as an actual email message, I'm pretty sure these characters
> "(¯`·._.." are escaping it somehow. Any ideas? These spammers have found a
> way to bypass spam detection because SpamAssassin won't even recognize it.
> Can you guys make any sense of it?

Err, those are not "escape characters". They are characters.

What do you mean exactly, "sa-learn won't recognize it as an actual
message"? Please elaborate. And no, I believe "spammers have found a way
to bypass spam detection" to not be true. Anyway, more details and
evidence, please.

Plus, please put a sample somewhere we can download it, and post the
link. A *raw* message, including all headers [1]. Yes, also the SA
headers.

> HERE is the header and part of the message
> Sorry for the long message

Please do NOT send spam to the list.

[1] If need be, you can mask domain names by using example.com instead.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}