I know this really shouldn't be SpamAssassin's job since it's used more by
virii than by spam, but has anyone had any luck specifically detecting iframe
src=cid tags? Here's my current rule that tries to do so:

rawbody VIRUS_IFRAME_CID                      /<iframe +src ?=[ "]*cid/i
describe VIRUS_IFRAME_CID                     VIRUS: IFRAME with internal
source
score VIRUS_IFRAME_CID                        99

Every virus message I get scores on the existing RELAYING_FRAME rule, but not
on the above. I've tried some much simpler regexps with no luck.

More importantly, when I resend a virus message to myself it DOES match the
above rule. Are these messages encoded in some way to make SpamAssassin miss
the iframe tag? But the RELAYING_FRAME test works anyway? I'm confused.

--
michael moncur   mgm at starlingtech.com   http://www.starlingtech.com/
"Nobody can be exactly like me.  Even I have trouble doing it."
                -- Tallulah Bankhead


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to