What fields does AlphabetSoup look at?

Brauchen Sie Hilfe beim Benutzen eines Plugins?

Moderator: Forum-Team

What fields does AlphabetSoup look at?

Beitragvon JMThomas » 3. Jun 2011, 20:23

What fields does AlphabetSoup look at?

In particular, does it look at the to:, and/or from:, and/or subject:, as well as the message body?

PS: Thanks Boris. This filter gets the most hits after the DCC filter!
Benutzeravatar
JMThomas
Power-User
Power-User
 
Beiträge: 12
Registriert: 3. Jun 2011, 05:13

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 4. Jun 2011, 03:33

Hallo JMThomas!

Sorry,

it's me again, your worst nightmare ;-)

You won't get an answer from Boris, he hasn't been around in ages:
memberlist.php?mode=viewprofile&u=46
His last Post is from 2005, answers or updates are very unlikely.

We could try to do some reverse engineering if it's that important for you.
Can u upload an email that got classified as Spam by the Alphasoup filter and attach it to a post?
Please scramble your emailadress when you do that.


Regards,
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon JMThomas » 4. Jun 2011, 09:09

Hi Quellcore!

Nah... No nightmares, just good dreams! 8)

Did Boris leave you the source? If so, I'll eyeball it if you will let me. Otherwise, I'd rather you spend your time on the base product.

Best Regards,
JMThomas

PS: I wouldn't mind seeing the Charset source too, if available.
Benutzeravatar
JMThomas
Power-User
Power-User
 
Beiträge: 12
Registriert: 3. Jun 2011, 05:13

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 4. Jun 2011, 12:40

Hello JMThomas!

Nah, no sources.
I'm also not the programmer of Spami or any of the plugins, just a user.
Testing Spam-Mails by running them through Spami is quite easy, thanks to another nifty tool from Boris:
http://www.spamihilator.com/plugins?category=2&start=5&limit=5&detail=37

I would have tried to find a character pattern from one of your mails that the alphasoup detects and then would have migrated that pattern into different mails into different parts of the mail.

Example:
  • "abcdefg" gets detected by the alphasoup
  • make several different versions of the original spammail:
    • "abcdefg" in header field "to"
    • "abcdefg" in header field "from"
    • "abcdefg" in header field "subject"
    • "abcdefg" in body
  • feed those mails to Spami by running it through the virtual Pop3-Server

That's what i meant by "reverse engineering"
Testing should be very quick for me since everything is set up, just need an example what pattern would trigger the alphasoup filter.
If you could provide me one that would help me a lot.


Right now my guess would be that the filter scans the body and maybe also the subject, that's it.


Regards,
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 6. Jun 2011, 02:02

Hallo JMThomas!

Differnet approach to answer:
VanguardLH hat geschrieben:The AlphabetSoup Filter plug-in tagged an e-mail as spam which is an e-mail that I wrote. It is a tech support request so it has dates, usernames, has "Doh!" and "Duh!" (slap my head, slap their head, for stupid mistakes by each), it is a reply so it has the From with e-mail addresses of the sender, member IDs (numeric), but doesn't have much of what I'd call alphabet soup (series of words composed of random characters). The most garbled words would be the e-mail addresses (since words are not use for the usernames) but then this plug-in should be ignoring e-mail addresses, anyway.

What language is this plug-in based? How many words of random characters does it take to get an e-mail tagged as spam (there is no configuration of this plug-in)? What is the minimal word length (since obviously many abbreviations are 3 to 4 characters long)? The plug-in is just a blackbox with no configuration, no documentation, and no way to know why it decided to tag an e-mail as spam (the Reason field in the Recycle Bin is blank).

There is no documentation, no settings to adjust, and obviously problems with false positives.
The author is long gone, the last update is from 2003.

So the most logical thing to say would be:
Let it rest and move on. There are plenty of other filters out there. Spami performs quite well without this particular one.


Regards,
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 7. Jun 2011, 03:03

Hello JMThomas!

I'd still be happy to test which fields it checks, i just need an example for a pattern that does get recognized by the filter.

I generated different mails with the AlphabetSoup-String "1a2b3c4d5e6f" in different Header-Fields and the Body, but this string obviously makes it through the filter so i would appreciate any hint what pattern would get recognized by this filter.


Regards
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 7. Jun 2011, 03:23

Hello JMThomas!

I got it, finally the string "1a2b3c4d5e6f7g8h9i10j11k" did the trick.

Now the very surprising result:
This filter seems to scan the subject field only, all my other test mails with the same string in different header fields and in the body went through unclassified.

Regards,
Quellcore

P.S. I wanted to upload a Screenshot of the training area with the result when i realized that this feature is missing in this subfourm, strange.
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 13. Jun 2011, 15:34

Hello JMThomas!

Attachments work now in this subforum, here is the screenshot:
AlphabetSoup-Test.png
AlphabetSoup-Test.png (18.46 KiB) 5657-mal betrachtet

Just in case anybody thinks i'm crazy because i keep talking to myself, YOU'RE WRONG :mrgreen:

Regards,
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA

Re: What fields does AlphabetSoup look at?

Beitragvon Chactory » 14. Jun 2011, 01:46

Quellcore hat geschrieben:Just in case anybody thinks i'm crazy because i keep talking to myself, YOU'RE WRONG :mrgreen:
@ Quellcore, true :lol:
HilfeHelp «en»TippsAnbuva's FAQBob's FAQ «en»SpamwortlisteRegelfilterScreenshotsSSL/TLSSpami 1.6.0
Vostro 3450, Intel Core i5 2410M 2,3 GHz, 4 GB DDR3 SDRAM 1333 MHz, Windows 7 Pro 64 Bit SP1

Bild
Benutzeravatar
Chactory
Administrator
Administrator
 
Administration
Beta-Tester
Forum-Team
 
Beiträge: 9593
Registriert: 9. Jan 2004, 23:19
Wohnort: Kiel (D)

Re: What fields does AlphabetSoup look at?

Beitragvon Quellcore » 17. Jun 2011, 01:50

Hello JMThomas!

It's me again!
I couldn't really believe the outcome of my tests that this filter only scans the subject so i startet to dig a little deeper.

These are the results:
  • Can not read coded SUBJECT like UTF-8
    As a result pretty much every mail with a coded subject will get classified as Spam if only the subject and therefore the coded AlphabetSoup is long enough.
    This Subject would trigger Spam recognition because it only sees the AlphabetSoup including "ISO..." and not the decoded SUBJECT.
    Subject hat geschrieben:=?ISO-8859-1?B?S2VpbiBTcGFzcyBpbSBCZXR0IG1laHI/?=


  • BODY does get scanned
    The following Soup in the body triggered the Spam recognition:
    Body hat geschrieben:a1b2c3d4e5f6g7h8i9j10k11l12m13n14o15p16q17r18s19t20u21v22

    Removing only the last character was enough to make it fly by:
    Body hat geschrieben:a1b2c3d4e5f6g7h8i9j10k11l12m13n14o15p16q17r18s19t20u21v2


  • Different triggers for SUBJECT and BODY
    The following Soup in the subject triggered the Spam recognition:
    Subject hat geschrieben:Alphabet Soup Test (Soup in SUBJECT-Field) 1a2b3c4d5e6f7g8h9i10j11

    Removing only the last character was enough to make it fly by:
    Subject hat geschrieben:Alphabet Soup Test (Soup in SUBJECT-Field) 1a2b3c4d5e6f7g8h9i10j1

    These Soups are much shorter than the ones that had to be used to test the recognition in the body.

  • No hardcoded character count as the trigger
    In one set of tests i was using the pattern: "123456789abcdefghi123456789ab..." while in the other i was using the pattern "1a2b3c4d5e6f7g8h9i10j11..."
    The latter "1a2b3c4d5e6f7g8h9i10j11..." triggered Spam recognition with much less characters than the other pattern.

Just the fact alone that this filter can not handle coded SUBJECTS properly and simply recognizes this as AlphabetSoup is reason enough not to use it, at least for me.


Regards,
Quellcore
CPU:Intel Core i7-2700K Processor (@ 45*100 = 4500 MHz)
Board:ASRock P67 Extreme4 Gen3
Ram: 16GB G.SKILL Ripjaws X Series (4 x 4GB) DDR3 2133 (Timings 10-10-10-28 2T @ 1866 MHz)
SSD: Samsung 128GB 2.5-inch SSD 830 Series (Desktop)
HDD-1: WD Caviar® SE16 640 GB, SATA2, 16 MB Cache, 7200 RPM
HDD-2: SAMSUNG EcoGreen F4 ST2000DL004 2TB 32MB Cache
Graphic: ATI Radeon HD 5850 ASUS EAH5850/G/2DIS/1GD5

Win 7 Ultimate 64-Bit / ESET NOD32 Antivirus 8.0 / Firefox 34 / Thunderbird 31
Spamihilator 1.6.0
Benutzeravatar
Quellcore
Assistent
Assistent
 
Beta-Tester
 
Beiträge: 1706
Registriert: 8. Mai 2004, 13:03
Wohnort: Long Island / USA


Zurück zu Plugins: Hilfe

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 1 Gast

cron

 industrious-southeast