spamassassin-users March 2012 archive
spamassassin-users: RE: Help with blocking Chinese Spam

From: Jenny Lee <bodycare_5_at_nospam>
Date: Tue Mar 13 2012 - 12:40:16 GMT
To: <dfs@roaringpenguin.com>, <users@spamassassin.apache.org>

> Date: Tue, 13 Mar 2012 08:25:21 -0400
> From: dfs@roaringpenguin.com
> To: users@spamassassin.apache.org
> Subject: Re: Help with blocking Chinese Spam
>
> On Tue, 13 Mar 2012 09:48:37 +0000
> Jenny Lee <bodycare_5@live.com> wrote:
>
> > I am getting this Chinese spam every hour. I tried ok_locales,
> > ok_languages with TextCat plugin... I tried matching the subject...
> > but these people are always getting through.
> > http://www.pastebin.ca/2127622
> > What rules/modifications do I need to do to get rid of this?
>
> We use this rule, but it's aggressive. It will block any Chinese message
> with a Word or Excel attachment. For our user-base, that's fine, but YMMV.
>
> Regards,
>
> David.
>
> # Chinese spams
> header __RP_SUBJ_UTF8 Subject:raw =~ /=\?utf-8\?B/i
> header __RP_SUBJ_GB2312 Subject:raw =~ /=\?gb2312\?B/i
> header __RP_SUBJ_CJK Subject =~ /[\xe4-\xe9]/
> full __RP_8BIT_FNAME /name=.{0,30}[\x80-\xff]/
> full __RP_EXCEL /application\/vnd.ms-excel/i
> full __RP_DOC /application\/msword/i
> full __RP_GB2312_FNAME /name=.?=\?gb2312\?/i
> meta RP_D_00032 (__RP_SUBJ_UTF8 && __RP_SUBJ_CJK && (__RP_EXCEL || __RP_DOC || __RP_8BIT_FNAME)) || (__RP_SUBJ_GB2312 && (__RP_GB2312_FNAME || __RP_EXCEL || __RP_DOC || __RP_8BIT_FNAME))
> describe RP_D_00032 Looks like a Chinese spam
> score RP_D_00032 5.0
>

Thank you David.
 
Will give this a go. What I don't understand is that... Why is this not catching this 'utf' which is in the subject?
 
I used this for testing purposes. It catches other botnet headers like 'Experian', etc.
 
header XX_CUSTOM_HEADER Subject =~ /Experian|\$1500|to your account on file today|into your account today|video|clip|movie| vid|episode|utf/i
score XX_CUSTOM_HEADER 8.0
describe XX_CUSTOM_HEADER XX Custom Rules - Header
 
J
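
An added example, not part of the original thread and not SpamAssassin code: a Python approximation of what the rules above are matched against. It relies on SpamAssassin's documented behaviour that a plain `Subject` test sees the MIME-decoded header while `Subject:raw` inhibits decoding; the sample subject and attachment header are constructed, and the `evaluate` helper is hypothetical.

```python
import base64
import re
from email.header import decode_header, make_header

# Constructed sample: base64 UTF-8 encoded-word subject plus a Word attachment header.
SPAM_SUBJECT = "=?utf-8?B?" + base64.b64encode(
    "\u53d1\u7968 invoice".encode("utf-8")).decode("ascii") + "?="
SPAM_FULL = b'Content-Type: application/msword; name="a.doc"\n'

def decoded_subject(raw: str) -> str:
    """Approximates the text a plain `Subject` rule is tested against."""
    return str(make_header(decode_header(raw)))

def evaluate(raw_subject: str, full: bytes) -> dict:
    """Emulate the thread's rules on one message; returns rule name -> hit."""
    dec = decoded_subject(raw_subject)
    raw = raw_subject.encode("ascii", "replace")
    h = {
        # Subject:raw rules see the undecoded =?charset?B?...?= wrapper.
        "__RP_SUBJ_UTF8": bool(re.search(rb"=\?utf-8\?B", raw, re.I)),
        "__RP_SUBJ_GB2312": bool(re.search(rb"=\?gb2312\?B", raw, re.I)),
        # Plain Subject rules see decoded text; CJK ideographs encoded as
        # UTF-8 start with lead bytes 0xE4-0xE9.
        "__RP_SUBJ_CJK": bool(re.search(rb"[\xe4-\xe9]", dec.encode("utf-8"))),
        "XX_utf": bool(re.search(r"utf", dec, re.I)),
        # `full` rules see the raw message, including MIME part headers.
        "__RP_8BIT_FNAME": bool(re.search(rb"name=.{0,30}[\x80-\xff]", full)),
        "__RP_EXCEL": bool(re.search(rb"application/vnd.ms-excel", full, re.I)),
        "__RP_DOC": bool(re.search(rb"application/msword", full, re.I)),
        "__RP_GB2312_FNAME": bool(re.search(rb"name=.?=\?gb2312\?", full, re.I)),
    }
    attach = h["__RP_EXCEL"] or h["__RP_DOC"] or h["__RP_8BIT_FNAME"]
    h["RP_D_00032"] = (
        (h["__RP_SUBJ_UTF8"] and h["__RP_SUBJ_CJK"] and attach)
        or (h["__RP_SUBJ_GB2312"] and (h["__RP_GB2312_FNAME"] or attach))
    )
    return h

if __name__ == "__main__":
    print("raw    :", SPAM_SUBJECT)
    print("decoded:", decoded_subject(SPAM_SUBJECT))
    for name, hit in evaluate(SPAM_SUBJECT, SPAM_FULL).items():
        print(f"{name:20s} {hit}")
```

The string `utf` exists only in the encoded-word wrapper, so the `utf` alternative of a plain `Subject` rule has nothing to match once the header is decoded, while the `Subject:raw` tests still fire.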