At 08:02 AM 5/18/02 -0700, Daniel Rogers wrote:
>These people have been obsfucating their URL in a bunch of diffrent ways. 
>We don't seem to have any test that matches on that.
>

I see something in SA 2.20;
uri HTTP_ESCAPED_HOST       /^https?\:\/\/[^\/]*%/
describe HTTP_ESCAPED_HOST      Uses %-escapes inside a URL's hostname
score HTTP_ESCAPED_HOST              1.849

I think ESCAPES_DIGIT /%3[0-9]/ might be a good test too, 
and not just inside URIs.  Escaping /any/ character that
doesn't need to be is suspect.

Scott Nelson <[EMAIL PROTECTED]>

_______________________________________________________________
Hundreds of nodes, one monster rendering program.
Now that's a super model! Visit http://clustering.foundries.sf.net/

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to