Re: [SAtalk] IFRAME src=cid again

2002-04-05 Thread Tony L. Svanstrom
On Fri, 5 Apr 2002 the voices made Matt Sergeant write:

> Craig Hughes wrote:
> > I think the problem is you need to escape the <.
>
> < isn't anything special in a regexp - this is just a misunderstanding
> propagated throughout the SA rules.

[tony@localhost] /Users/tony/ {155} man egrep | grep

Re: [SAtalk] IFRAME src=cid again

2002-04-05 Thread Craig Hughes
Must be a holdover from some other regex system -- I think it means "beginning of word" in some regex syntax or other, like:

\b(?=\w) in perl

On Fri, 2002-04-05 at 00:45, Matt Sergeant wrote:
> Craig Hughes wrote:
> > I think the problem is you need to escape the <.
>
> < isn't anything specia

Re: [SAtalk] IFRAME src=cid again

2002-04-05 Thread Matt Sergeant
Craig Hughes wrote:
> I think the problem is you need to escape the <.

< isn't anything special in a regexp - this is just a misunderstanding propagated throughout the SA rules.

Matt.

___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://list

Re: [SAtalk] IFRAME src=cid again

2002-04-04 Thread Craig Hughes
I think the problem is you need to escape the <. As far as a src=cid rule, I don't think we have one yet in CVS -- I think there was a bugzilla about this though, I haven't gone through in a while to flush patches into CVS -- I'll try and do that this week so everything in bugzilla works its way

RE: [SAtalk] IFRAME src=cid again

2002-04-04 Thread Michael Moncur
> Download and use CVS if you're testing this stuff - email decoding is
> improving all the time.

I should have mentioned that I'm running the latest CVS version, I upgrade every few days.

> Plus you can easily add in a test (using the
> regression test stuff I just checked in):
>
> test VIRUS

RE: [SAtalk] IFRAME src=cid again

2002-04-04 Thread Michael Moncur
> I think the problem is you need to escape the <.

I tried adding a \ before the < and will see if it helps - I can't test this since any test message I send works fine with the current regex, it's only the actual virii that slip through. < isn't anything special in perl, is it?

-- michael monc

Re: [SAtalk] IFRAME src=cid again

2002-04-04 Thread Matt Sergeant
Michael Moncur wrote:
> I know this really shouldn't be SpamAssassin's job since it's used more by
> virii than by spam, but has anyone had any luck specifically detecting iframe
> src=cid tags? Here's my current rule that tries to do so:
>
> rawbody VIRUS_IFRAME_CID / descri

[SAtalk] IFRAME src=cid again

2002-04-04 Thread Michael Moncur
I know this really shouldn't be SpamAssassin's job since it's used more by virii than by spam, but has anyone had any luck specifically detecting iframe src=cid tags? Here's my current rule that tries to do so: rawbody VIRUS_IFRAME_CID /http://www.starlingtech.com/ "Nobody ca