I think the problem is you need to escape the <. As far as a src=cid rule, I don't think we have one yet in CVS -- I think there was a bugzilla about this though, I haven't gone through in a while to flush patches into CVS -- I'll try and do that this week so everything in bugzilla works its way into CVS before 2.2 release. Matts, if either of you feels bored, feel free to do the same. Don't add any patches that look "dodgy" in terms of stability or complexity, we'll save those for the 2.3 line.
C On Thu, 2002-04-04 at 04:49, Michael Moncur wrote: > I know this really shouldn't be SpamAssassin's job since it's used more by > virii than by spam, but has anyone had any luck specifically detecting iframe > src=cid tags? Here's my current rule that tries to do so: > > rawbody VIRUS_IFRAME_CID /<iframe +src ?=[ "]*cid/i > describe VIRUS_IFRAME_CID VIRUS: IFRAME with internal > source > score VIRUS_IFRAME_CID 99 > > Every virus message I get scores on the existing RELAYING_FRAME rule, but not > on the above. I've tried some much simpler regexps with no luck. > > More importantly, when I resend a virus message to myself it DOES match the > above rule. Are these messages encoded in some way to make SpamAssassin miss > the iframe tag? But the RELAYING_FRAME test works anyway? I'm confused. > > -- > michael moncur mgm at starlingtech.com http://www.starlingtech.com/ > "Nobody can be exactly like me. Even I have trouble doing it." > -- Tallulah Bankhead > > > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > > _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
