Ikeb;
Am I allowed to post a link to the image filters on my own website, or should I copy and paste them into a forum reply?

Oh well, no reply, so here is a link to my custom MWP spam filter rules. The 2nd through 4th rules deal with the current crop of image spam for stocks and investments. Note that I have set them to automatically delete without notice. You may want to change that to "prompt," until you are certain that the rules are 100% accurate for your use.

Since the spammers occasionally alter their headers I alter my rules to match their techniques, usually within mere minutes of finding a new trick that gets past an existing filter. Such is the case with the GIF Spam #3 rule. However, even though they alter the layout there are always some things that must remain constant for their spam to work, and I always find those commonalities and create rules to detect it. I have a topic on my blog about this image spam issue and it gets a lot of hits.

I hope this helps other MailWasher Pro users. If the links are a problem I apologize in advance.

Interesting collection of filters, Thanks for posting them.

Be sure you close MailWasher completely before manually editing your filter file.

I just updated my MailWasher filters to intercept a new variation of the investments image spam. The new filter is GIF Spam #4. grab them at: www.wizcrafts.net/docs/filters.txt . Be sure to close MailWasher before editing filters.txt. Watch out for blank lines between or after rules, or extra spaces after the end of a rule. Either will cause you problems.

Ikeb wrote:

OK, I placed the link along with some explanatory text at the CastleCopsWiki's MWP Filter page. Wizcrafts, perhaps you might have some examples etc that could be added to the Header filtering or Body filtering articles. If so, you're most certainly encouraged to contribute the examples with explanation to CCW.

BTW, I split the Wizcrafts filter set discussion to its own topic so it's more likely to be viewed by all. A lot of users have been asking for something like this especially given that Gary hasn't updated his filter set for several years now. On behalf of all MWP users, a big thank you to Wizcrafts!

_________________

CastleCopsWiki

If you are experiencing slowdowns in displaying or hiding email in MWP after installing my filters, it may be the fault of GIF Spam rules 3 and 4. I found that they were testing for too many broad matches in the Regular Expressions, for body text.

I just updated (on Nov 8, 2006) the GIF Spam #3 and #4 filters to speed up parsing. Grab the new code at www.wizcrafts.net/docs/filters.txt . The rest of the filter rules remain unchanged since Nov 6, 2006.

Please let me know if you continue to experience slowdowns, or if MailWasher Pro becomes unresponsive while downloading messages, after installing my filters. I'll try to find and fix the problem (usually RegExpr). So far only the image spam filters have cause me any problems in rendering.

Sorry guys. My last update didn't work out as planned. I have reverted to the previous matching of body text. If I find a better workaround I'll let you know. In the meantime, here are the correct rules that I tried to speed up, unsuccessfully, as the need to be, for now. Each rule should occupy one continuous line, without spaces between them.

[enabled],"GIF Spam #3","GIF Spam#3",16711680,AND,Hidden,Delete,Automatic,EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,containsRE,"boundary="".+""",Body,contains,"Content-Transfer-Encoding: 7bit",Body,containsRE,"<img\ alt="".*"" ",Body,containsRE,"src=""cid:.+@.+",Body,containsRE,"\ width="".+""><br>",Body,containsRE,"(.+<br>){10,}",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Disposition: inline;"
[enabled],"GIF Spam #4","GIF Spam#4",16711680,AND,Hidden,Delete,Automatic,EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,containsRE,"boundary="".+""",Body,contains,"Content-Transfer-Encoding: 7bit",Body,containsRE,"<img\salt="".*""",Body,containsRE,"src=""cid:.+""><br>",Body,containsRE,"(.+<br>){8,}",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Transfer-Encoding: base64"

Paste these over the ones you replaced earlier today. Avoid extra spaces after the end of a line of code. Do not allow blank lines between rules, or after the last rule.

If anybody with knowledge of RegExpr want to help me figure this parsing speed problem send me a PM.

I downloaded the new filters and made the amendment to the 'gif spam #3' and '#4' rules. Installed and rebooted Mailwasher. All ran fine for a couple of hours.

After a couple of hours of recent shutdown, I have come home to Mailwasher continuously crashing. Simply locks up when trying to download one of the emails. Was a spam mail, because I have put the old rules.txt file back and all is fine. There wasn't one from anyone I know.

Point is one of the rules caused a massive hang. I waited max 3 mins before a force quit. Even if this is normal, I'm certainly not going through this again. It was only downloaded and installed today, and after a total of around 2-3 hours, a rule is causing chaos. Never got the route of which one as Mailwasher never completed the process.

Task manager was reporting 100% CPU useage. XP sp2 and Mailwasher 5.3. Shame this and having to go back to the old rules from years previous.

Thanks a lot for all the effort put into the production of these and for making them public, but nonetheless hoping for a fixed update soon!

From a beginners point of view, any chance of some instructions on how to put these filters into MW Pro? Do you just highlight, copy and paste 'as is' or do you need to do anything else? I don't want to end up with a dead MW Pro!!

Secondly, and maybe a bit off subject but still to do with filters, is it possible to automatically delete (So not seen) spam as noted as spam by relays and spamcop? I see that nearly all the emails I receive are listed as 'Origin Blacklisted' If these are known spams do I need to see them at all or can I set MW Pro to delete these but show me ones that it doesn't recognise so I can delete them myself?

Hope that makes sense