Snort mailing list archives

Re: searching for dirty word search software


From: Andrew Daviel <andrew () andrew triumf ca>
Date: Mon, 24 Sep 2001 15:37:48 -0700 (PDT)

On Mon, 24 Sep 2001, Diehl Sgt Kristin F wrote:

> Anyone know of a good product to search for "dirty words" with in email
> clients?
>
> Kristin Diehl


In Unix/sendmail, one can use procmail, currently the default local
delivery agent, to search the message body for certain words. This could
be used to quarantine mail - redirect it to some person or agent who is
going to process it further - or deliver it to a special mail folder.

I'm not sure single-word trapping is very useful though - for instance, I
had a message on an industry list (no kids) bounced when I said something
like "this problem was a (female dog) to solve" - not, I think, offensive
or off-topic to the majority of members of a list like snort-users. And
looking at my spam mailbox for adult advertising suggests that they are
often avoiding "dirty words" in the text.

I have a problem like this on a free website listing service I run - the
site is supposed to be rated general, yet some automated agents were
submitting adult sites. I solved that by searching for keywords
and keeping score - a single word such as %63%75%6d%73%68%6f%74
which doesn't tend to appear in normal text is enough to get banned, while
words such as %63%75%6e%74 or %66%75%63%6b used often as expletives
would have to occur more than once or in combination for a page
to be banned. This was perhaps an easier problem than mail - the
authors were really trying to get found in search engines, not avoid
detection, so they often overload with "adult" keywords.

I have been collecting some spam with a view to trying a similar thing
on email, but as I say the authors are trying to avoid being filtered.
A heuristic based on things like ( teen NEAR ( movie OR free ) )
might work. Seems like a job for a neural network.

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security () triumf ca
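
The keyword-scoring approach described in the message above, sketched as an added example (not code from the original post or from its author). The term lists are constructed placeholders, and the weights, threshold and three-word NEAR window are assumptions chosen so that one strong term, or two weak signals in combination, reaches the cutoff.

```python
import re

# Constructed placeholder vocabulary; a real filter would load its own lists.
STRONG = {"strongterm"}              # rare in normal text: one hit is enough
WEAK = {"weakterm1", "weakterm2"}    # common expletives: need repeats or combinations
# (anchor, partner words, max distance in words), after "teen NEAR (movie OR free)"
NEAR_RULES = [("teen", {"movie", "free"}, 3)]

# Assumed weights: a weak signal alone stays below the threshold.
STRONG_WEIGHT = 10
WEAK_WEIGHT = 5
NEAR_WEIGHT = 5
THRESHOLD = 10


def tokenize(text):
    """Lower-case the text and split it into word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())


def near_hits(tokens, anchor, partners, window):
    """Count anchor occurrences with a partner word within `window` tokens."""
    hits = 0
    for i, tok in enumerate(tokens):
        if tok != anchor:
            continue
        neighbours = tokens[max(0, i - window):i] + tokens[i + 1:i + 1 + window]
        if partners.intersection(neighbours):
            hits += 1
    return hits


def score(text):
    """Sum keyword weights and proximity-rule weights for one message or page."""
    tokens = tokenize(text)
    total = 0
    for tok in tokens:
        if tok in STRONG:
            total += STRONG_WEIGHT
        elif tok in WEAK:
            total += WEAK_WEIGHT
    for anchor, partners, window in NEAR_RULES:
        total += NEAR_WEIGHT * near_hits(tokens, anchor, partners, window)
    return total


def verdict(text):
    """Quarantine at or above the threshold, otherwise deliver normally."""
    return "quarantine" if score(text) >= THRESHOLD else "deliver"
```

A single expletive in otherwise ordinary text scores 5 and is delivered, which avoids the false bounce described in the message.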



