Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
EXCERPT:
=======================================================
From: Agnes McMullin
Subject: Greetings

<html>
<body
<BR>
SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR>
More Than You Can Poss<!--F_$i8F==[F0z,,0d,0n@-->ibly Imag<!--F_$i8F==[F0z,,0d,0n@-->ine!!<BR>
She is j<!--F_$i8F==[F0z,,0d,0n@-->ust trying to sp<!--F_$i8F==[F0z,,0d,0n@-->are your fe<!--F_$i8F==[F0z,,0d,0n@-->elings by tel<!--F_$i8F==[F0z,,0d,0n@-->ling you oth<!--F_$i8F==[F0z,,0d,0n@-->erwise.<BR>
<BR>
DON'T WA<!--F_$i8F==[F0z,,0d,0n@-->IT UN<!--F_$i8F==[F0z,,0d,0n@-->TIL SHE IS GONE<BR>
TO FIND OUT THAT YOU COULDN'T SAT<!--F_$i8F==[F0z,,0d,0n@-->ISFY HER!!! <BR>
<BR>
INTR<!--F_$i8F==[F0z,,0d,0n@-->ODUCING, THE FI<!--F_$i8F==[F0z,,0d,0n@-->RST ALL-IN-ONE <BR>
Ma<!--F_$i8F==[F0z,,0d,0n@-->le Perfo<!--F_$i8F==[F0z,,0d,0n@-->rmance En<!--F_$i8F==[F0z,,0d,0n@-->hancer AND Pe<!--F_$i8F==[F0z,,0d,0n@-->nis Enla<!--F_$i8F==[F0z,,0d,0n@-->rgement<BR>
[etc.]
=========================================================

--------------------------------------------------------------------
E-Mail: (Ted Harding)
Fax-to-email: +44 (0)870 167 1972
Date: 01-Apr-03 Time: 13:16:09
------------------------------ XFMail ------------------------------
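The evasion described in the post above, shown from the filter's side as an added example (not part of the original thread and not SpamAssassin's own code): removing HTML comments before keyword matching rejoins the split words, and counting comments that sit between two word characters gives a separate obfuscation signal. The sample is built from two lines of the excerpt; the keyword list and function names are assumptions made for illustration.

```python
import html
import re

COMMENT = re.compile(r"<!--(?:(?!-->).)*-->", re.DOTALL)
# A comment with a word character directly on both sides splits a word in two;
# legitimate markup rarely does this.
WORD_SPLITTING_COMMENT = re.compile(r"(?<=\w)<!--(?:(?!-->).)*-->(?=\w)", re.DOTALL)
TAG = re.compile(r"<[^>]*>")


def visible_text(markup):
    """Approximate what the recipient's mail client renders."""
    no_comments = COMMENT.sub("", markup)   # comments render as nothing: rejoin words
    no_tags = TAG.sub(" ", no_comments)     # tags such as <BR> act as word breaks
    return " ".join(html.unescape(no_tags).split())


def analyse(markup, keywords):
    """Compare keyword matching on raw markup with matching on rendered text."""
    raw = markup.lower()
    text = visible_text(markup).lower()
    return {
        "raw_hits": sorted(k for k in keywords if k in raw),
        "normalised_hits": sorted(k for k in keywords if k in text),
        "word_splitting_comments": len(WORD_SPLITTING_COMMENT.findall(markup)),
    }


# Sample assembled from the excerpt quoted in the post (shortened).
JUNK = "<!--F_$i8F==[F0z,,0d,0n@-->"
SAMPLE = (
    "<html> <body <BR> SI" + JUNK + "ZE AND STA" + JUNK + "MINA DO MA" + JUNK
    + "TTER<BR> Ma" + JUNK + "le Perfo" + JUNK + "rmance En" + JUNK + "hancer<BR>"
)
KEYWORDS = ["stamina", "performance enhancer"]  # illustrative list, not a real rule set

if __name__ == "__main__":
    print(visible_text(SAMPLE))
    print(analyse(SAMPLE, KEYWORDS))
```

A naive substring search over the raw markup finds neither keyword, while the same search over the normalised text finds both.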
That's all very well, but is what they're selling any good!!??
On 01-Apr-03 Keith Watson wrote:
>> Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
>>
>> <html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR> More Than You Can Poss<!--F_$i8F==[F0z,,0d,0n@-->ibly Imag<!--F_$i8F==[F0z,,0d,0n@-->ine!!<BR>
>> [etc.]
>> =========================================================
>
> That's all very well, but is what they're selling any good!!?? :o)

Interruptus at best, by the look of it ...
Ted.

--------------------------------------------------------------------
E-Mail: (Ted Harding)
Fax-to-email: +44 (0)870 167 1972
Date: 01-Apr-03 Time: 16:03:01
------------------------------ XFMail ------------------------------
(Ted Harding) wrote:
> Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
>
> <html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR>

SA makes short work of it, though...

X-Spam-Status: No, hits=3.4 tagged_above=-10000.0 required=5.0 tests=HTML_30_40, PENIS_ENLARGE2, UPPERCASE_25_50

Anything like an open relay or forged header would have pushed it over the edge into spam oblivion.
On Tue, Apr 01, 2003 at 01:16:09PM -0000, Ted Harding wrote:
> Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...

Looks like a growing trend, every piece of spam I've received this week has had 'mangled' HTML, full of random junk comment tags. :)
Tony Hoyle wrote:
> (Ted Harding) wrote:
>> Got yet another of those performance-enhancer spams. The HTML has been confusingly fragmented (see below) no doubt to evade filters which search for keywords ...
>>
>> <html> <body <BR> SI<!--F_$i8F==[F0z,,0d,0n@-->ZE AND STA<!--F_$i8F==[F0z,,0d,0n@-->MINA DO MA<!--F_$i8F==[F0z,,0d,0n@-->TTER<BR>
>
> SA makes short work of it, though...
>
> X-Spam-Status: No, hits=3.4 tagged_above=-10000.0 required=5.0 tests=HTML_30_40, PENIS_ENLARGE2, UPPERCASE_25_50
>
> Anything like an open relay or forged header would have pushed it over the edge into spam oblivion.

I'm running SA with amavisd, the latest versions, and I must say, it seems a lot less effective than it was, and a lot less flexible... Maybe I need to spend more time customising, but I'm getting a lot of spam breaking through, and can't find a way to create user-specific white/black-lists/filters any more.

I came back from the rugby this weekend to over 500 detected spams...

Cheers,
Laurie.