>From: Török Edwin [mailto:edwinto...@gmail.com]
>>> Try using <a href="..."> for the URL.
>>>
>> Is that a requirement? If so we should get the spammers on board because
>> some of them may not know this :).
>
>No, there are more places from where URLs can be extracted, but "<a
>href" is one that must work.

With modern email clients "helpfully" presenting text that looks like a URL as 
a real URL at the client end, SafeBrowsing really ought to check the plain 
text, not just within html tags.  http://pastebin.com/m13232c54 may be just 
plain text when transmitted and scanned, but it's an "<a href>" by the time I 
read it: underlined, blue, and turns my cursor to a pointy finger with a pop-up 
box saying "Click to follow link".

It was also in wide character encoding when I read it.  I'm not sure if that is
how it was transmitted, or if that was done by the client:

0001d60: 7400 2900 0d00 0a00 0d00 0a00 6800 7400  t.).........h.t.
0001d70: 7400 7000 3a00 2f00 2f00 7000 6100 7300  t.p.:././.p.a.s.
0001d80: 7400 6500 6200 6900 6e00 2e00 6300 6f00  t.e.b.i.n...c.o.
0001d90: 6d00 2f00 6d00 3100 3300 3200 3300 3200  m./.m.1.3.2.3.2.
0001da0: 6300 3500 3400 0d00 0a00 0d00 0a00 4300  c.5.4.........C.
0001db0: 6800 6500 6500 7200 7300 2c00 0d00 0a00  h.e.e.r.s.,.....
0001dc0: 0d00 0a00 5300 7400 6500 7600 6500 0d00  ....S.t.e.v.e...

Either way, switching encoding would be another way for spammers to try to 
avoid a scan.


Moray.
"To err is human.  To purr, feline"


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
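
An added example (not part of the original message and not ClamAV code): the text from the hex dump above, re-encoded as UTF-16LE, is missed by a URL pattern run over the raw bytes and found once the scanner decodes the body first. The function names, the URL pattern and the 0.4 NUL-ratio threshold are assumptions made for this sketch.

```python
import re

URL_BYTES = re.compile(rb"https?://[^\s<>\"']+")   # pattern run over raw bytes
URL_TEXT = re.compile(r"https?://[^\s<>\"']+")     # pattern run over decoded text

# Constructed sample: the text visible in the hex dump, re-encoded as UTF-16LE.
SAMPLE_UTF16LE = (
    "t)\r\n\r\nhttp://pastebin.com/m13232c54\r\n\r\nCheers,\r\n\r\nSteve\r\n"
).encode("utf-16-le")

def naive_urls(raw):
    """URLs found by matching an ASCII pattern against the undecoded bytes."""
    return [m.decode("ascii", "replace") for m in URL_BYTES.findall(raw)]

def candidate_texts(raw):
    """Yield each decoding of the body that is worth scanning for URLs."""
    yield raw.decode("latin-1")                  # single-byte view, never fails
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):    # a BOM states the byte order
        yield raw.decode("utf-16", "replace")
        return
    pairs = max(1, len(raw) // 2)
    # ASCII text in UTF-16 has a NUL in every other byte; which half gives the order.
    if raw[1::2].count(0) / pairs > 0.4:         # assumed threshold
        yield raw.decode("utf-16-le", "replace")
    if raw[0::2].count(0) / pairs > 0.4:
        yield raw.decode("utf-16-be", "replace")

def extract_urls(raw):
    """URLs found in any candidate decoding, de-duplicated in discovery order."""
    found = []
    for text in candidate_texts(raw):
        for url in URL_TEXT.findall(text):
            if url not in found:
                found.append(url)
    return found

if __name__ == "__main__":
    print("bytes-only scan: ", naive_urls(SAMPLE_UTF16LE))
    print("decode-then-scan:", extract_urls(SAMPLE_UTF16LE))
```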
