[Mimedefang] Considering an additional spam filter
Lucas Albers
admin at cs.montana.edu
Sat May 31 03:00:00 EDT 2003
>
> I am seeing a lot of the html obfuscation also. When viewed in a html
> enabled MUA you see stuff that should be caught by SA.
>
> My question is, what if a copy of the email was striped of all html tags
> and content between the tags and ran through SA again. Or if a not to
> complex test determined this email looks funny.. strip it and run it
> through the first time. I think this might expose "Oprah" ;)
>
> --Dave Helton
> --Real World Computing
>
Dave,
I believe sa does this already, based on what I read on the sa-devel list,
it should scan the message twice?, with plaintext and with the html-parser
thing.
They attempted to add an additional obfuscation rule but it did not score
that high on GA scans of the spam corpus. The additional obfuscation rule
did not detect many more additional spam items. They were working on
adding a rule like this to the next release of sa, 2.6.
Correct me if I am wrong, as I might be...as usual.
--Luke
More information about the MIMEDefang
mailing list