[Snort-users] Re: searching for dirty word search software

Andrew Daviel andrew at ...523...
Mon Sep 24 15:38:02 EDT 2001

On Mon, 24 Sep 2001, Diehl Sgt Kristin F wrote:

> Anyone know of a good product to search for "dirty words" with in email
> clients?
> Kristin Diehl

In Unix/sendmail, one can use procmail, currently the default local
delivery agent, to search the message body for certain words. This could
be used to quarantine mail - redirect it to some person or agent who is
going to process it further - or deliver it to a special mail folder.

I'm not sure single-word trapping is very useful though - for instance, I
had a message on an industry list (no kids) bounced when I said something
like "this problem was a (female dog) to solve" - not, I think, offensive
or off-topic to the majority of members of a list like snort-users. And
looking at my spam mailbox for adult advertising suggests that they are
often avoiding "dirty words" in the text.

I have a problem like this on a free website listing service I run - the
site is supposed to be rated general, yet some automated agents were
submitting adult sites. I solved that by searching for keywords
and keeping score - a single word such as %63%75%6d%73%68%6f%74
which doesn't tend to appear in normal text is enough to get banned, while
words such as %63%75%6e%74 or %66%75%63%6b used often as expletives
would have to occur more than once or in combination for a page
to be banned. This was perhaps an easier problem than mail - the
authors were really trying to get found in search engines, not avoid
detection, so they often overload with "adult" keywords.

I have been collecting some spam with a view to trying a similar thing
on email, but as I say the authors are trying to avoid being filtered.
A heuristic based on things like ( teen NEAR ( movie OR free ) )
might work. Seems like a job for a neural network.

Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at ...524...

More information about the Snort-users mailing list