Koozali.org: home of the SME Server

html @ exploit and SpamAssassin

Offline mophilly

« on: December 08, 2004, 05:10:12 PM »
Recently I used Greg Swallow's excellent update script, which installs SpamAssassin. This has reduced my spam by many hundred items per day. Yeah!

An email purporting to be from PayPal slipped past SpamAssassin. This email appears to be bogus as it contains what I think is a known exploit. Note the line breaks followed by an @ symbol in the code snippet taken from a href link in the body of the note.

Code:
target=3D"_blank"
href=3D"http://www.paypal.com                                             =
                                                                          =
                       @maria4astrology.com/webscr/billing/1g2fds41kiuyt94=
641de8tij/"


I thought SpamAssassin would catch this sort of thing? I have been wading through the material re: SpamAssassin on the web but I haven't hit pay dirt yet.

What can I do to catch this sort of exploit?

TIA
- Mark
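
Added example (not part of the thread and not SpamAssassin's own code): one way to flag the kind of link quoted in the post above, by decoding the quoted-printable body, stripping the whitespace padding from each href and reporting links whose part before the @ looks like a hostname. The function and class names are hypothetical, and phish.example and shop.example are constructed placeholder hosts.

```python
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOSTLIKE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)


class HrefCollector(HTMLParser):
    """Collect the href value of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_disguised_links(raw_body: bytes):
    """Return (shown_name, real_host) for links whose userinfo mimics a hostname."""
    html = quopri.decodestring(raw_body).decode("utf-8", errors="replace")
    collector = HrefCollector()
    collector.feed(html)
    hits = []
    for href in collector.hrefs:
        url = re.sub(r"\s+", "", href)  # padding pushes the '@' out of view
        try:
            parts = urlsplit(url)
        except ValueError:
            continue
        if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
            continue
        shown = parts.netloc.rpartition("@")[0].split(":")[0]
        if HOSTLIKE.fullmatch(shown):  # plain user names are not reported
            hits.append((shown, parts.hostname))
    return hits


# Constructed sample: same shape as the quoted snippet, placeholder hosts.
SAMPLE = (
    b'<a target=3D"_blank"\n'
    b'href=3D"http://www.paypal.com                    =\n'
    b'                                                 =\n'
    b'          @phish.example/webscr/billing/=\n'
    b'x1/">Update your account</a>\n'
    b'<a href=3D"http://shop.example/contact?mail=3Dbob@shop.example">ok</a>\n'
)
```

The second link in the sample has an @ only in its query string, so it is not reported; only an @ inside the authority part changes which host the browser contacts.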

Offline genzil

« Reply #1 on: December 08, 2004, 06:45:03 PM »
This is one of those cases where the line between spam and a virus/hack attempt gets very fuzzy.

I would expect my virus scanner to pick something like this up, not spamassassin.  But that's my opinion.
Smile :-)......

Offline raem

« Reply #2 on: December 09, 2004, 12:15:28 AM »
You can reduce the incidence of spam & virus infected messages by configuring RBLList blocking.
I have found a lot of spam & virus infected messages come from sources that are listed on RBL lists.
Depending on which spamassassin contrib you are using you may already have RBL blocking enabled.
See
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20smtpfront-qmail%20for%20sme%20server.htm

If you really want to stop most virus infected messages you should also configure Pattern Matching; see
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Virus%20and%20file%20blocking%20HOWTO%20using%20smtpfront-qmail%20for%20sme%20server.htm
...