Summary
The GTUBE ("Generic Test for Unsolicited Bulk Email") is a 68-byte test string used to test anti-spam systems, in particular those based on SpamAssassin.[1] In SpamAssassin, it carries an anti-spam score of 1000 by default, which would be sufficient to trigger any installation.
The contents of the string are as follows:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
and should be placed in the message body of an RFC 5322 compliant email message, without any line breaks or whitespace.
Checksums[2] for the string (68 bytes, no trailing newline) are as follows:
| Hash type | Value |
|---|---|
| CRC32 | dfdf8070 |
| MD5 | 6a684e1cdca03e6a436d182dd4069183 |
| SHA1 | c13086867f444d503829044f504826177e3eb438 |
| SHA224 | 1c23f40d1c94c2337176d7baa3e1d820adf6bd329f84d702f9f4f8e1 |
| SHA256 | 4418994365912e23b756ec7f14960f1a89230e44e6acb74de055db7c092f8b9c |
| SHA384 | 7c717360788affa4fa3ff6681456d2f9153311ae4d712fdc |
| SHA512 | 981e015cb8ade405d59ec9bb723a2e6b876fb40f597b368d7095f6734e64fe09 |
There exist some varieties, notably the NAItube (which will carry a variable weight)[3] and the GTphish (which will trigger specifically as a phishing mail),[4] which are used in the McAfee implementation of SpamAssassin.
The GTUBE is expected to be detected as a substring[5] and is not executable at all, unlike the test for computer viruses developed by EICAR.
References edit
- ^ "SpamAssassin: The GTUBE". spamassassin.apache.org. Retrieved 2023-07-13.
- ^ "What is a Checksum? | A Definition from TechTarget.com". Security. Retrieved 2023-07-13.
- ^ "How to generate test messages for Email Gateway anti-spam testing". McAfee. 2019-12-16. Archived from the original on 2020-11-01.
- ^ "McAfee Support Community - What is Threat Type: Test". McAfee. 2013-06-07.
- ^ "String | Subsequence & Substring". GeeksforGeeks. Retrieved 2023-07-13.
Bibliography edit
- "SpamAssassin: The GTUBE". The Apache Software Foundation.