Mail.lacave.net

Liste de spamwares

Voici une liste de "signatures" de logiciels de spam (ou apparentés), construite sur base de messages postés sur les forums fr.comp.mail et fr.comp.mail.serveurs, et ensuite complétée de ma main en fonction des spams que j'ai reçus.

Vous pouvez utiliser cette liste pour combattre le spam, à vos risques et périls.  Notez qu'elle a été construite à partir des règles les plus larges soumises, ce qui signifie que les règles proposées sont trop larges.

Merci à Christophe Cuq, Éric Jacoboni, Françoise Marre-Fournier, Luc Bentz, Jacques Belin, Jacques L'helgoualc'h, Michel Guillou, Nicolas Chuche, Thomas Pedoussaut et Laura pour leur participation.

Si vous avez une contribution ou correction à apporter à cette liste, n'hésitez pas à me contacter (comme on peut s'en douter, cette adresse est protégée contre le spam par des filtres assez agressifs...).

Liste des signatures

Mise à jour : Sat Oct 28 21:40:31 CEST 2006

SignatureChamp(s)
[a-z]+@version.?\d\.\d+X-Mailer
[KQ]I[0-9][0-9]*X-Mailer
ABMailerX-Mailer
AccucastX-Mailer
Advanced.?Direct.?RemailerX-Server
Advanced.?Mass.?SenderX-Mailer, X-Sender
ALPHA_XMR75_00001MD2000X-Mailer
AristotleX-Mailer, X-Sender
AutoMailX-Mailer, X-Sender, Received, Message-Id
AvalancheX-Mailer, X-Sender
BlasterX-Mailer, X-Sender
BomberX-Mailer, X-Sender
Broadc@stX-Mailer
BroadcastX-Mailer
Brooklyn.?NorthX-Mailer, X-Sender
Bulkman.?ProX-Mailer, X-Sender
cBizOneX-Mailer
ClassMailingX-Mailer, X-Sender
ContactMailX-Mailer
dbMailX-Mailer, X-Sender
DejaVuX-Mailer, X-Sender
DiffondiX-Mailer, X-Sender
Direct.?EmailX-Mailer
DMailerX-Mailer, X-Sender
DvISEX-Mailer, X-Sender
DynamicX-Mailer, X-Sender
E-BroadcasterX-Mailer, X-Sender, Received, Message-Id
E-Mail.?BlasterX-Mailer, X-Sender
E-Mail.?WorksX-Mailer, X-Sender
e-MergeX-Mailer, X-Sender, Received, Message-Id
EDressZingerX-Mailer, X-Sender
Ellipse.?Bulk.?EmailerX-Sender
EMAILCOLLECTORPROX-Mailer, X-Sender
Emailer.?PlatinumX-Mailer, X-Sender, Received, Message-Id
EMailing.?List.?ProX-Mailer, X-Sender
eMarksmanX-Mailer, X-Sender, Received, Message-Id
eMergeX-Mailer, X-Sender
expeditorX-Mailer
ExtractorX-Mailer, X-Sender, Received, Message-Id
FAQMaili-Mailer
FastMailX-Mailer, X-Sender
Flet.?MailX-Mailer
FloodgateX-Mailer, X-Sender
Fortune.?NetX-Mailer, X-Sender
FreedomX-Mailer, X-Sender
from.?stealthX-Mailer, X-Sender, Received, Message-Id
GeoListX-Mailer, X-Sender
Global.?MessengerX-Mailer, X-Sender, Received, Message-Id
GoldMineX-Mailer
GOTO.?SoftwareX-Mailer, X-Sender
Group.?MailX-Mailer, X-Sender
GroupMasterX-Mailer, X-Sender, Received, Message-Id
IndyX-Library
Inet.?Mail.?OutX-Mailer, X-Sender
Internet.?MarketingX-Mailer, X-Sender
ITOK.?MassEasy.?MailerX-Mailer
izimailingX-Mailer, X-Sender, X-Server
JBH.?MsenderX-Mailer
JunoX-Mailer
K-MLX-Mailer
LetsGetA.?Move.?OnX-Mailer
Lightning.?BoltX-Mailer, X-Sender
List.?XX-Mailer, X-Sender, Received, Message-Id
MAGICX-Mailer, X-Sender
Mail.?bombX-Mailer, X-Sender
Mail.?expeditorX-Mailer, X-Sender
MailcastX-Mailer, X-Sender, Received, Message-Id
MailCityX-Mailer
Mailer.?SoftwareX-Mailer
MailFusionX-Mailer, X-Sender
MailingLIST.?Email.?SenderX-Mailer
MailKingX-Mailer, X-Sender, Received, Message-Id
MailloopX-Mailer, X-Sender
MailociraptorX-Mailer
MailPerformanceX-Mailer
MailXCollectorX-Mailer, X-Sender
MarketingX-Mailer
Mass.?SenderX-Mailer
MassE-MailX-Mailer, X-Sender, Received, Message-Id
Massive.?X-Mailer
massmail.?plX-Mailer, X-Sender, Received, Message-Id
Mat?ch[0-9]+X-Mailer, X-Sender
Max.?MailerX-Mailer
MBMX-Mailer
MegaProX-Mailer, X-Sender
mi?POP.?Web.?MailX-Mailer
MindshareX-Mailer
MM.?Super.?MailerX-Mailer
MMailerX-Mailer, X-Sender
mp5X-Mailer
Net.?ContactX-Mailer, X-Sender, Received, Message-Id
Net.?MailerX-Mailer, X-Sender, Received, Message-Id
NetMasters.?SMTP.?DemoX-Sender
News.?BreakerX-Mailer, X-Sender, Received, Message-Id
Novasoft.?SagittariusX-Mailer
oemProX-Mailer
Optin.?mailin.?X-Mailer, X-Sender
OutLook.?Express.?3\.14159X-Mailer
PG-MAILINGLISTX-Mailer, X-Sender
PHPBulkEmailerX-Mailer
PLAUZIUMX-Mailer, X-Sender
POPList.?EngineX-Sender
PowermailerX-Mailer, X-Sender, Received, Message-Id
Produced.?by.?X-Mailer
Prospect.?MailerX-Mailer, X-Sender
PSS.?Bulk.?MailerX-Mailer
Quick.?ShotX-Mailer, X-Sender, Received, Message-Id
QuickSenderX-Mailer, X-Sender
RafaleX-Mailer, X-Sender
randomword\#\#X-Mailer
Rapid.?EmailerX-Mailer
Ready.?Aim.?FireX-Mailer, X-Sender, Received, Message-Id
RLSP.?MailerX-Mailer
Robot.?MailX-Sender, X-Mailer
RodriquezmailUser-Agent
SarbacaneX-Mailer
ScientologyX-Mailer, X-Sender
SignatureX-Mailer
sMailingX-Mailer
SplioX-Mailer, X-Sender
StalkerX-Mailer, X-Sender, Received, Message-Id
StormPostX-Mailer
sul.?com.?brX-Mailer, X-Sender
SuperMailX-Mailer, X-Sender
superx.?mailerX-Mailer
TalkmailinoX-Mailer
UltraMailX-Sender
UnityMailX-Mailer, X-Sender
Vop.?MailX-Mailer
VXmailerUser-Agent
WC.?MailX-Mailer, X-Sender
WindoZX-Mailer, X-Sender, Received, Message-Id
WorkZX-Mailer
WorldMergeX-Mailer, X-Sender, Received, Message-Id
X-Mailer:X-Mailer
YourdoraX-Mailer, X-Sender, Received, Message-Id

Règles calculées

Voici une série de règles dans divers langages de filtres, conçues à partir de la liste ci-dessus.  Chacun fera plus que probablement des ajustements par rapport à ce qui est proposé ici, mais je pense que c'est un bon départ.  Notez que je favorise la destruction silencieuse des spams, partant du principe qu'un rejet (bounce) est une perte de temps et de bande passante.

Versions "chirurgicales"

Ces règles sont calculées le plus précisément possible en fonction des différents champs d'en-tête soumis.

Postfix

/^(User-Agent): .*(Rodriquezmail|VXmailer)/ DISCARD

/^(X-Library): .*(Indy)/ DISCARD

/^(X-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|ALPHA_XMR75_00001MD2000|Broadc@st|Broadcast|cBizOne|ContactMail|Direct.?Email|expeditor|Flet.?Mail|GoldMine|ITOK.?MassEasy.?Mailer|JBH.?Msender|Juno|K-ML|LetsGetA.?Move.?On|MailCity|Mailer.?Software|MailingLIST.?Email.?Sender|Mailociraptor|MailPerformance|Marketing|Mass.?Sender|Massive.?|Max.?Mailer|MBM|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|mp5|Novasoft.?Sagittarius|oemPro|OutLook.?Express.?3\.14159|PHPBulkEmailer|Produced.?by.?|PSS.?Bulk.?Mailer|randomword\#\#|Rapid.?Emailer|RLSP.?Mailer|Sarbacane|Signature|sMailing|StormPost|superx.?mailer|Talkmailino|Vop.?Mail|WorkZ|X-Mailer:)/ DISCARD

/^(X-Mailer|X-Sender): .*(Advanced.?Mass.?Sender|Aristotle|Avalanche|Blaster|Bomber|Brooklyn.?North|Bulkman.?Pro|ClassMailing|dbMail|DejaVu|Diffondi|DMailer|DvISE|Dynamic|E-Mail.?Blaster|E-Mail.?Works|EDressZinger|EMAILCOLLECTORPRO|EMailing.?List.?Pro|eMerge|FastMail|Floodgate|Fortune.?Net|Freedom|GeoList|GOTO.?Software|Group.?Mail|Inet.?Mail.?Out|Internet.?Marketing|Lightning.?Bolt|MAGIC|Mail.?bomb|Mail.?expeditor|MailFusion|Mailloop|MailXCollector|Mat?ch[0-9]+|MegaPro|MMailer|Optin.?mailin.?|PG-MAILINGLIST|PLAUZIUM|Prospect.?Mailer|QuickSender|Rafale|Scientology|Splio|sul.?com.?br|SuperMail|UnityMail|WC.?Mail)/ DISCARD

/^(X-Mailer|X-Sender|Received|Message-Id): .*(AutoMail|E-Broadcaster|e-Merge|Emailer.?Platinum|eMarksman|Extractor|from.?stealth|Global.?Messenger|GroupMaster|List.?X|Mailcast|MailKing|MassE-Mail|massmail.?pl|Net.?Contact|Net.?Mailer|News.?Breaker|Powermailer|Quick.?Shot|Ready.?Aim.?Fire|Stalker|WindoZ|WorldMerge|Yourdora)/ DISCARD

/^(X-Mailer|X-Sender|X-Server): .*(izimailing)/ DISCARD

/^(X-Sender): .*(Ellipse.?Bulk.?Emailer|NetMasters.?SMTP.?Demo|POPList.?Engine|UltraMail)/ DISCARD

/^(X-Sender|X-Mailer): .*(Robot.?Mail)/ DISCARD

/^(X-Server): .*(Advanced.?Direct.?Remailer)/ DISCARD

/^(i-Mailer): .*(FAQMail)/ DISCARD

Procmail

:0
* ^(User-Agent): .*(Rodriquezmail|VXmailer)
/dev/null

:0
* ^(X-Library): .*(Indy)
/dev/null

:0
* ^(X-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|ALPHA_XMR75_00001MD2000|Broadc@st|Broadcast|cBizOne|ContactMail|Direct.?Email|expeditor|Flet.?Mail|GoldMine|ITOK.?MassEasy.?Mailer|JBH.?Msender|Juno|K-ML|LetsGetA.?Move.?On|MailCity|Mailer.?Software|MailingLIST.?Email.?Sender|Mailociraptor|MailPerformance|Marketing|Mass.?Sender|Massive.?|Max.?Mailer|MBM|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|mp5|Novasoft.?Sagittarius|oemPro|OutLook.?Express.?3\.14159|PHPBulkEmailer|Produced.?by.?|PSS.?Bulk.?Mailer|randomword\#\#|Rapid.?Emailer|RLSP.?Mailer|Sarbacane|Signature|sMailing|StormPost|superx.?mailer|Talkmailino|Vop.?Mail|WorkZ|X-Mailer:)
/dev/null

:0
* ^(X-Mailer|X-Sender): .*(Advanced.?Mass.?Sender|Aristotle|Avalanche|Blaster|Bomber|Brooklyn.?North|Bulkman.?Pro|ClassMailing|dbMail|DejaVu|Diffondi|DMailer|DvISE|Dynamic|E-Mail.?Blaster|E-Mail.?Works|EDressZinger|EMAILCOLLECTORPRO|EMailing.?List.?Pro|eMerge|FastMail|Floodgate|Fortune.?Net|Freedom|GeoList|GOTO.?Software|Group.?Mail|Inet.?Mail.?Out|Internet.?Marketing|Lightning.?Bolt|MAGIC|Mail.?bomb|Mail.?expeditor|MailFusion|Mailloop|MailXCollector|Mat?ch[0-9]+|MegaPro|MMailer|Optin.?mailin.?|PG-MAILINGLIST|PLAUZIUM|Prospect.?Mailer|QuickSender|Rafale|Scientology|Splio|sul.?com.?br|SuperMail|UnityMail|WC.?Mail)
/dev/null

:0
* ^(X-Mailer|X-Sender|Received|Message-Id): .*(AutoMail|E-Broadcaster|e-Merge|Emailer.?Platinum|eMarksman|Extractor|from.?stealth|Global.?Messenger|GroupMaster|List.?X|Mailcast|MailKing|MassE-Mail|massmail.?pl|Net.?Contact|Net.?Mailer|News.?Breaker|Powermailer|Quick.?Shot|Ready.?Aim.?Fire|Stalker|WindoZ|WorldMerge|Yourdora)
/dev/null

:0
* ^(X-Mailer|X-Sender|X-Server): .*(izimailing)
/dev/null

:0
* ^(X-Sender): .*(Ellipse.?Bulk.?Emailer|NetMasters.?SMTP.?Demo|POPList.?Engine|UltraMail)
/dev/null

:0
* ^(X-Sender|X-Mailer): .*(Robot.?Mail)
/dev/null

:0
* ^(X-Server): .*(Advanced.?Direct.?Remailer)
/dev/null

:0
* ^(i-Mailer): .*(FAQMail)
/dev/null

Versions "économes"

Ces règles simplifient le traîtement en ne s'appliquant qu'aux deux champs les plus fréquents, X-Mailer et X-Sender

Postfix

/^(X-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|ALPHA_XMR75_00001MD2000|Broadc@st|Broadcast|cBizOne|ContactMail|Direct.?Email|expeditor|Flet.?Mail|GoldMine|ITOK.?MassEasy.?Mailer|JBH.?Msender|Juno|K-ML|LetsGetA.?Move.?On|MailCity|Mailer.?Software|MailingLIST.?Email.?Sender|Mailociraptor|MailPerformance|Marketing|Mass.?Sender|Massive.?|Max.?Mailer|MBM|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|mp5|Novasoft.?Sagittarius|oemPro|OutLook.?Express.?3\.14159|PHPBulkEmailer|Produced.?by.?|PSS.?Bulk.?Mailer|randomword\#\#|Rapid.?Emailer|RLSP.?Mailer|Sarbacane|Signature|sMailing|StormPost|superx.?mailer|Talkmailino|Vop.?Mail|WorkZ|X-Mailer:)/ DISCARD

/^(X-Mailer|X-Sender): .*(Advanced.?Mass.?Sender|Aristotle|AutoMail|Avalanche|Blaster|Bomber|Brooklyn.?North|Bulkman.?Pro|ClassMailing|dbMail|DejaVu|Diffondi|DMailer|DvISE|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|eMerge|Extractor|FastMail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|izimailing|Lightning.?Bolt|List.?X|MAGIC|Mail.?bomb|Mail.?expeditor|Mailcast|MailFusion|MailKing|Mailloop|MailXCollector|MassE-Mail|massmail.?pl|Mat?ch[0-9]+|MegaPro|MMailer|Net.?Contact|Net.?Mailer|News.?Breaker|Optin.?mailin.?|PG-MAILINGLIST|PLAUZIUM|Powermailer|Prospect.?Mailer|Quick.?Shot|QuickSender|Rafale|Ready.?Aim.?Fire|Robot.?Mail|Scientology|Splio|Stalker|sul.?com.?br|SuperMail|UnityMail|WC.?Mail|WindoZ|WorldMerge|Yourdora)/ DISCARD

/^(X-Sender): .*(Ellipse.?Bulk.?Emailer|NetMasters.?SMTP.?Demo|POPList.?Engine|UltraMail)/ DISCARD

Procmail

:0
* ^(X-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|ALPHA_XMR75_00001MD2000|Broadc@st|Broadcast|cBizOne|ContactMail|Direct.?Email|expeditor|Flet.?Mail|GoldMine|ITOK.?MassEasy.?Mailer|JBH.?Msender|Juno|K-ML|LetsGetA.?Move.?On|MailCity|Mailer.?Software|MailingLIST.?Email.?Sender|Mailociraptor|MailPerformance|Marketing|Mass.?Sender|Massive.?|Max.?Mailer|MBM|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|mp5|Novasoft.?Sagittarius|oemPro|OutLook.?Express.?3\.14159|PHPBulkEmailer|Produced.?by.?|PSS.?Bulk.?Mailer|randomword\#\#|Rapid.?Emailer|RLSP.?Mailer|Sarbacane|Signature|sMailing|StormPost|superx.?mailer|Talkmailino|Vop.?Mail|WorkZ|X-Mailer:)
/dev/null

:0
* ^(X-Mailer|X-Sender): .*(Advanced.?Mass.?Sender|Aristotle|AutoMail|Avalanche|Blaster|Bomber|Brooklyn.?North|Bulkman.?Pro|ClassMailing|dbMail|DejaVu|Diffondi|DMailer|DvISE|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|eMerge|Extractor|FastMail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|izimailing|Lightning.?Bolt|List.?X|MAGIC|Mail.?bomb|Mail.?expeditor|Mailcast|MailFusion|MailKing|Mailloop|MailXCollector|MassE-Mail|massmail.?pl|Mat?ch[0-9]+|MegaPro|MMailer|Net.?Contact|Net.?Mailer|News.?Breaker|Optin.?mailin.?|PG-MAILINGLIST|PLAUZIUM|Powermailer|Prospect.?Mailer|Quick.?Shot|QuickSender|Rafale|Ready.?Aim.?Fire|Robot.?Mail|Scientology|Splio|Stalker|sul.?com.?br|SuperMail|UnityMail|WC.?Mail|WindoZ|WorldMerge|Yourdora)
/dev/null

:0
* ^(X-Sender): .*(Ellipse.?Bulk.?Emailer|NetMasters.?SMTP.?Demo|POPList.?Engine|UltraMail)
/dev/null

Versions "napalm"

Ces règles regroupent tout dans le même sac et font la détection dans un maximum de champs, à l'exception des signatures de cinq lettres ou moins, qui pourraient trop facilement générer de faux posififs.

Postfix

/^(Received|X-Server|User-Agent|X-Sender|X-Mailer|X-Library|Message-Id|i-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|Advanced.?Direct.?Remailer|Advanced.?Mass.?Sender|ALPHA_XMR75_00001MD2000|Aristotle|AutoMail|Avalanche|Blaster|Broadc@st|Broadcast|Brooklyn.?North|Bulkman.?Pro|cBizOne|ClassMailing|ContactMail|Diffondi|Direct.?Email|DMailer|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|Ellipse.?Bulk.?Emailer|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|expeditor|Extractor|FAQMail|FastMail|Flet.?Mail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GoldMine|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|ITOK.?MassEasy.?Mailer|izimailing|JBH.?Msender|LetsGetA.?Move.?On|Lightning.?Bolt|List.?X|Mail.?bomb|Mail.?expeditor|Mailcast|MailCity|Mailer.?Software|MailFusion|MailingLIST.?Email.?Sender|MailKing|Mailloop|Mailociraptor|MailPerformance|MailXCollector|Marketing|Mass.?Sender|MassE-Mail|Massive.?|massmail.?pl|Mat?ch[0-9]+|Max.?Mailer|MegaPro|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|MMailer|Net.?Contact|Net.?Mailer|NetMasters.?SMTP.?Demo|News.?Breaker|Novasoft.?Sagittarius|Optin.?mailin.?|OutLook.?Express.?3\.14159|PG-MAILINGLIST|PHPBulkEmailer|PLAUZIUM|POPList.?Engine|Powermailer|Produced.?by.?|Prospect.?Mailer|PSS.?Bulk.?Mailer|Quick.?Shot|QuickSender|randomword\#\#|Rapid.?Emailer|Ready.?Aim.?Fire|RLSP.?Mailer|Robot.?Mail|Rodriquezmail|Sarbacane|Scientology|Signature|sMailing|Stalker|StormPost|sul.?com.?br|SuperMail|superx.?mailer|Talkmailino|UltraMail|UnityMail|Vop.?Mail|VXmailer|WC.?Mail|WorldMerge|X-Mailer:|Yourdora)/ DISCARD

/^(X-Library): .*(Indy)/ DISCARD

/^(X-Mailer): .*(Juno|K-ML|MBM|mp5|oemPro|WorkZ)/ DISCARD

/^(X-Mailer|X-Sender): .*(Bomber|dbMail|DejaVu|DvISE|eMerge|MAGIC|Rafale|Splio)/ DISCARD

/^(X-Mailer|X-Sender|Received|Message-Id): .*(WindoZ)/ DISCARD

Procmail

:0
* ^(Received|X-Server|User-Agent|X-Sender|X-Mailer|X-Library|Message-Id|i-Mailer): .*([a-z]+@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|Advanced.?Direct.?Remailer|Advanced.?Mass.?Sender|ALPHA_XMR75_00001MD2000|Aristotle|AutoMail|Avalanche|Blaster|Broadc@st|Broadcast|Brooklyn.?North|Bulkman.?Pro|cBizOne|ClassMailing|ContactMail|Diffondi|Direct.?Email|DMailer|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|Ellipse.?Bulk.?Emailer|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|expeditor|Extractor|FAQMail|FastMail|Flet.?Mail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GoldMine|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|ITOK.?MassEasy.?Mailer|izimailing|JBH.?Msender|LetsGetA.?Move.?On|Lightning.?Bolt|List.?X|Mail.?bomb|Mail.?expeditor|Mailcast|MailCity|Mailer.?Software|MailFusion|MailingLIST.?Email.?Sender|MailKing|Mailloop|Mailociraptor|MailPerformance|MailXCollector|Marketing|Mass.?Sender|MassE-Mail|Massive.?|massmail.?pl|Mat?ch[0-9]+|Max.?Mailer|MegaPro|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|MMailer|Net.?Contact|Net.?Mailer|NetMasters.?SMTP.?Demo|News.?Breaker|Novasoft.?Sagittarius|Optin.?mailin.?|OutLook.?Express.?3\.14159|PG-MAILINGLIST|PHPBulkEmailer|PLAUZIUM|POPList.?Engine|Powermailer|Produced.?by.?|Prospect.?Mailer|PSS.?Bulk.?Mailer|Quick.?Shot|QuickSender|randomword\#\#|Rapid.?Emailer|Ready.?Aim.?Fire|RLSP.?Mailer|Robot.?Mail|Rodriquezmail|Sarbacane|Scientology|Signature|sMailing|Stalker|StormPost|sul.?com.?br|SuperMail|superx.?mailer|Talkmailino|UltraMail|UnityMail|Vop.?Mail|VXmailer|WC.?Mail|WorldMerge|X-Mailer:|Yourdora)
/dev/null

:0
* ^(X-Library): .*(Indy)
/dev/null

:0
* ^(X-Mailer): .*(Juno|K-ML|MBM|mp5|oemPro|WorkZ)
/dev/null

:0
* ^(X-Mailer|X-Sender): .*(Bomber|dbMail|DejaVu|DvISE|eMerge|MAGIC|Rafale|Splio)
/dev/null

:0
* ^(X-Mailer|X-Sender|Received|Message-Id): .*(WindoZ)
/dev/null

Version SpamAssassin

Avec la structure du fichier de configuration de SpamAssassin, difficile de faire autre chose que la version la plus précise...

SpamAssassin

header SPAMWARE_LACAVE_1 Message-Id =~ /AutoMail|E-Broadcaster|e-Merge|Emailer.?Platinum|eMarksman|Extractor|from.?stealth|Global.?Messenger|GroupMaster|List.?X|Mailcast|MailKing|MassE-Mail|massmail.?pl|Net.?Contact|Net.?Mailer|News.?Breaker|Powermailer|Quick.?Shot|Ready.?Aim.?Fire|Stalker|WindoZ|WorldMerge|Yourdora/
describe SPAMWARE_LACAVE_1 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_1 5.0

header SPAMWARE_LACAVE_2 Received =~ /AutoMail|E-Broadcaster|e-Merge|Emailer.?Platinum|eMarksman|Extractor|from.?stealth|Global.?Messenger|GroupMaster|List.?X|Mailcast|MailKing|MassE-Mail|massmail.?pl|Net.?Contact|Net.?Mailer|News.?Breaker|Powermailer|Quick.?Shot|Ready.?Aim.?Fire|Stalker|WindoZ|WorldMerge|Yourdora/
describe SPAMWARE_LACAVE_2 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_2 5.0

header SPAMWARE_LACAVE_3 User-Agent =~ /Rodriquezmail|VXmailer/
describe SPAMWARE_LACAVE_3 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_3 5.0

header SPAMWARE_LACAVE_4 X-Library =~ /Indy/
describe SPAMWARE_LACAVE_4 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_4 5.0

header SPAMWARE_LACAVE_5 X-Mailer =~ /[a-z]+\@version.?\d\.\d+|[KQ]I[0-9][0-9]*|ABMailer|Accucast|Advanced.?Mass.?Sender|ALPHA_XMR75_00001MD2000|Aristotle|AutoMail|Avalanche|Blaster|Bomber|Broadc\@st|Broadcast|Brooklyn.?North|Bulkman.?Pro|cBizOne|ClassMailing|ContactMail|dbMail|DejaVu|Diffondi|Direct.?Email|DMailer|DvISE|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|eMerge|expeditor|Extractor|FastMail|Flet.?Mail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GoldMine|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|ITOK.?MassEasy.?Mailer|izimailing|JBH.?Msender|Juno|K-ML|LetsGetA.?Move.?On|Lightning.?Bolt|List.?X|MAGIC|Mail.?bomb|Mail.?expeditor|Mailcast|MailCity|Mailer.?Software|MailFusion|MailingLIST.?Email.?Sender|MailKing|Mailloop|Mailociraptor|MailPerformance|MailXCollector|Marketing|Mass.?Sender|MassE-Mail|Massive.?|massmail.?pl|Mat?ch[0-9]+|Max.?Mailer|MBM|MegaPro|mi?POP.?Web.?Mail|Mindshare|MM.?Super.?Mailer|MMailer|mp5|Net.?Contact|Net.?Mailer|News.?Breaker|Novasoft.?Sagittarius|oemPro|Optin.?mailin.?|OutLook.?Express.?3\.14159|PG-MAILINGLIST|PHPBulkEmailer|PLAUZIUM|Powermailer|Produced.?by.?|Prospect.?Mailer|PSS.?Bulk.?Mailer|Quick.?Shot|QuickSender|Rafale|randomword\#\#|Rapid.?Emailer|Ready.?Aim.?Fire|RLSP.?Mailer|Robot.?Mail|Sarbacane|Scientology|Signature|sMailing|Splio|Stalker|StormPost|sul.?com.?br|SuperMail|superx.?mailer|Talkmailino|UnityMail|Vop.?Mail|WC.?Mail|WindoZ|WorkZ|WorldMerge|X-Mailer:|Yourdora/
describe SPAMWARE_LACAVE_5 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_5 5.0

header SPAMWARE_LACAVE_6 X-Sender =~ /Advanced.?Mass.?Sender|Aristotle|AutoMail|Avalanche|Blaster|Bomber|Brooklyn.?North|Bulkman.?Pro|ClassMailing|dbMail|DejaVu|Diffondi|DMailer|DvISE|Dynamic|E-Broadcaster|E-Mail.?Blaster|E-Mail.?Works|e-Merge|EDressZinger|Ellipse.?Bulk.?Emailer|EMAILCOLLECTORPRO|Emailer.?Platinum|EMailing.?List.?Pro|eMarksman|eMerge|Extractor|FastMail|Floodgate|Fortune.?Net|Freedom|from.?stealth|GeoList|Global.?Messenger|GOTO.?Software|Group.?Mail|GroupMaster|Inet.?Mail.?Out|Internet.?Marketing|izimailing|Lightning.?Bolt|List.?X|MAGIC|Mail.?bomb|Mail.?expeditor|Mailcast|MailFusion|MailKing|Mailloop|MailXCollector|MassE-Mail|massmail.?pl|Mat?ch[0-9]+|MegaPro|MMailer|Net.?Contact|Net.?Mailer|NetMasters.?SMTP.?Demo|News.?Breaker|Optin.?mailin.?|PG-MAILINGLIST|PLAUZIUM|POPList.?Engine|Powermailer|Prospect.?Mailer|Quick.?Shot|QuickSender|Rafale|Ready.?Aim.?Fire|Robot.?Mail|Scientology|Splio|Stalker|sul.?com.?br|SuperMail|UltraMail|UnityMail|WC.?Mail|WindoZ|WorldMerge|Yourdora/
describe SPAMWARE_LACAVE_6 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_6 5.0

header SPAMWARE_LACAVE_7 X-Server =~ /Advanced.?Direct.?Remailer|izimailing/
describe SPAMWARE_LACAVE_7 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_7 5.0

header SPAMWARE_LACAVE_8 i-Mailer =~ /FAQMail/
describe SPAMWARE_LACAVE_8 Spamwares de la liste http://mail.lacave.net/spamwares/
score SPAMWARE_LACAVE_8 5.0

Données brutes

Le fichier texte à partir duquel est générée cette liste est téléchargeable ici.  Le script qui sert à générer cette page (encadrée d'un header et d'un footer) se trouve ici.

Retour à la page principale