[Mimedefang] got my mojo working
Dave Helton
dave at kd0yu.com
Mon Feb 23 14:49:18 EST 2004
Hi,
I've had the same problems not being able to filter Xanax, Valium, and
other drug obfuscations. And.... this junk is getting a little long in
the tooth.
I've had the following code running for the last couple days. It's
stable and has caught a few more bad emails than I expected. I would
think this script would be a real performance hit on larger systems
although I can't confirm it.
There are certainly better ways of doing this. There is probably a
better place to call this than in sub filter... Please feel free to
mangle and post your modifications or suggestions.
Works for me... YMMV
#***********************************************************************
# %PROCEDURE: subject_obfuscation
# %ARGUMENTS: None
# %RETURNS: 1 - subject line has words we key on, 0 - pass
# %DESCRIPTION: Called last in "sub filter"
#***********************************************************************
sub subject_obfuscation {
my ($subj, $line, $subscore, $local_debug);
if (open (INF, "./HEADERS")) {
$line = 0;
$local_debug = 1;
while ($line = <INF>) {
if ($line =~ /^Subject:/) {
$subj = $line;
last;
}
} ## end while
close(INF);
# blank subject line ?
if(chop($subj) eq "") {$subj = "No Subject"};
# decode the "=?ISO-8859-1?blah blah blah line?=
$line = decode_mimewords($subj); ## thank ya David
$subscore = 0;
if ($line =~ /^FWD:/) {$subscore = 3};
if ($line =~ /[Mm][Ee][Dd][Ss]/) {$subscore += 6};
if ($line =~ /[Pp][Ii][Ll][Ll][Ss]/) {$subscore += 6};
$line =~ s/@/a/g;
$line =~ s/1/i/g;
$line =~ s/[[:punct:]]//g; ## remove punctuations
if ($line =~ /[Vv][Ii][Aa][Gg][Rr][Aa]/) {$subscore += 3};
if ($line =~ /[Vv][Aa][Ll][Ii][Uu][Mm]/) {$subscore += 3};
if ($line =~ /[Xx][Aa][Nn][Aa][Xx]/) {$subscore += 6};
if($local_debug) {
if($subscore) {
md_graphdefang_log('subject_obfuscation_before', $subj, $subscore);
md_graphdefang_log('subject_obfuscation_after', $line, $subscore);
}
}
if ($subscore > 5) {
# 5 seems to be a good score... two test hits
action_change_header('Subject', "[SPAM] $subj");
return 1; ## hit!
} else {
return 0; ## no hit
}
} else {
md_graphdefang_log('subject_obfuscation: can\'t open HEADER
file.');
return 0;
} ## end if
}
#####################
at the end of "sub filter"
# always accept the email, client can filter on the subject now
# that it's marked as "[SPAM] $Subject".
if (subject_obfuscation()) { return action_accept(); };
return action_accept();
}
--
Dave Helton, KD0YU <dave at kd0yu.com>
Real World Computing
Davenport, IA, US
563-386-4041
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20040223/f0466fd7/attachment.sig>
More information about the MIMEDefang
mailing list