Hi Jennifer,
I think I have found a rule that works well for HTML tags, scripts, and all
the junk including EOL between tags.
/ \w{1,7}<\/?[\w\W]{0,150}>\w{1,7}/
The thing that was really throwing me of was the possibility of the leading
'>' from '[>\s]' at the beginning of the rule. I finally realized that the
whole point is obfuscation of a word. This means that the message has to
begin with a space.
who lo<!-- granola -->ve f<!-- schumann -->un<
who lo<!-- granola -->ve<!-- schumann -->d<!--
prescr<rA>iption medic<J>ation th<XOgy>at fo<ZKS>r pa<WV>in rel<v>ief,
No ne<kakterrclrh>ed t<kbiryiabmkt>o drea<kopkhtcbfnt>m
men<xt>'s heal<rOeW>th, wome<Q>n's heal<qu>th,
You wi<z$randhtmltag>ll le<z$randhtmltag>arn how
enl<g$b>arge y<g$b>our me<g$b>mber
To support the above test, I developed a rule just to snag the random words
within tags.
/<!?-?-? ?\w{7,} ?-?-?>/
Which will get the stuff like:
<!-- granola -->
<shorthand>
I also came up with another one (sorry for the wrap):
/[bcdfghjklmnpqrstvwxz\d]{4,}[aeiouy]{1,2}[bcdfghjklmnpqrstvwxz\d]{3,}/i
Which will get the random stuff like:
zr bcllajzl-->ch (bcllajz - from your example)
yioqerf-->p to 3<!--uthjsocwphyowsvdkrp (thjsocwp, cwphyowsv)
you can now <b>ex<kjfnkrydlxvudbv>pan (kjfnkrydlx)
qdg22k2vn5 1l43lf3z7ehr vckwoh3h9zm643 (vckwoh3h9zm643)
The last two rules don't catch everything but together, all three seem to
work well. Let me know what you think . . . any constructive feedback is
welcome!
--Larry
> -----Original Message-----
> From: jennifer
> Sent: Sunday, October 12, 2003 12:32 PM
> To: 'Larry Gilson'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] Popcorn, Backhair, and Weeds
>
>
> Hi larry,
>
> This seems to work, it matches what I think you're trying to
> do, but It's otherwise untested. (matched 'w<p§R>ork')
>
> /[>\s]\w{1,7}<\/?\s?[\w\s]{1,20}\S{1}[\w\s]{1,20}\/?\s?>\w{1,7}\W/i
>
> I'd test it out before I gave it much of a score. Maybe you
> can do something with that. There is a rule in spamassassin
> that searches for an obfu comment, you could also try editing
> that rule to do what you're working on if this isn't working out.
>
> I like the additive nature of the set, and eventually I'll
> figure out how to get the set to be a little more far
> reaching in the tags, but for now I need a break :) this
> stuff is all very new to me and my brain says no mas!
>
> ...yeah, keith's explanation was nice!! Like music.
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
