I know this really shouldn't be SpamAssassin's job since it's used more by virii than by spam, but has anyone had any luck specifically detecting iframe src=cid tags? Here's my current rule that tries to do so:
rawbody VIRUS_IFRAME_CID /<iframe +src ?=[ "]*cid/i describe VIRUS_IFRAME_CID VIRUS: IFRAME with internal source score VIRUS_IFRAME_CID 99 Every virus message I get scores on the existing RELAYING_FRAME rule, but not on the above. I've tried some much simpler regexps with no luck. More importantly, when I resend a virus message to myself it DOES match the above rule. Are these messages encoded in some way to make SpamAssassin miss the iframe tag? But the RELAYING_FRAME test works anyway? I'm confused. -- michael moncur mgm at starlingtech.com http://www.starlingtech.com/ "Nobody can be exactly like me. Even I have trouble doing it." -- Tallulah Bankhead _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk