aha... i missed the "x" in your regex. great, thank you for the samples. brats...
you're right, harder to scale them down. I'll go with this for now then. /\&\#0*(?:65|97);|\&\#x0*41;|\&\#x0*61;)/ Thanks again for the tip! I'll change them on the page too. Jennifer > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Scott Sprunger > Sent: Monday, November 03, 2003 11:00 AM > To: 'jennifer'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] [RD] Weeds changes > > > There are two partial emails shown below. They are both the > same email from various sources. You can see that one uses > decimal and the other hex. There are some punctuation > characters (% %) being the "%", but they are few. > > I like the idea of cleaning things up with the new format > /\&\#0*(?:65|97);/, but this does not account for the hex > values or the preceding "x" character to indicate same. The > "x" comes before the zeros which is tripping me up at the > moment. I'll noodle on this part and post if I come up with anything. > > Below are snippets of two different emails, from two senders. > The same email encoded differently... > > Decimal encoded > ------------------------------------------ > Its The Most Advanced Pnis > Enlargment > Solution!<br> > It's 100.% > Guaranted To > Enlarg Your Pnis</big><br> > <br>- No Pills Or Capsules<br> > - No Lotions Or Cremes<br> > - No Pumps, Weights, Or > Exercises<br> > - No Prescription Necessary<br> > - Doctor Designed & Endorsed<br> > > > Hex encoded > ------------------------------------------ > > Its The Most Advanced Pnis > Enlargment > Solution!<br> > It's 100.% > Guaranted To > Enlarg Your Pnis</big><br> > <br>- No Pills Or Capsules<br> > - No Lotions Or Cremes<br> > - No Pumps, Weights, Or > Exercises<br> > - No Prescription Necessary<br> > - Doctor Designed & Endorsed<br> > > > > -----Original Message----- > From: jennifer [mailto:[EMAIL PROTECTED] > Sent: Monday, November 03, 2003 10:18 AM > To: 'Scott Sprunger'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] [RD] Weeds changes > > > Hi Scott, > Thanks for the heads up. > > You wouldn't happen to have a sample of one of those spams > would you? I'm curious about something. I'm wondering if > they were using decimal code for punctuation rather than hex > code for letters?? "=" (or > =) is actually "=" not "a". So maybe you were seeing > punctuation mixed in? "! being "!". If that is the case, > we just need to tag on all the punctuation. However, I didn't > know about the zeros, and you're right. Thanks! here is a > cleaner way to write these, (thanks to a very nice person for > pointing that out, A.L.!) > > /\&\#(?:65|97);/ > > so adding the zeros it would be > /\&\#0*(?:65|97);/ > > I'll make this change on the page, but I'll wait a bit to see > if I'm 'out in left' with my thinking. > > I'm realizing spammers are indirectly helping me out in my > education, maybe I should say "Thank You!" to them as well. ...nah. > > Jennifer > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of Scott Sprunger > > Sent: Monday, November 03, 2003 8:51 AM > > To: [EMAIL PROTECTED] > > Subject: [SAtalk] [RD] Weeds changes > > > > > > This past weekend a flood of new spam arrived which > > circumvented the weeds rules by using leading zeros and hex > > values (both legal from an HTML perspective). I've updated > > my local rules as below. Hope this is useful. BTW, Jennifer > > thanks for an incredible set of rules! > > > > -- Scott > > > > describe J_WEEDS_A Decimal or Hex character encoding [Aa] > > full J_WEEDS_A > > /(\&\#0*65\;|\&\#0*97\;|\&\#x0*41;|\&\#x0*61;)/i > > score J_WEEDS_A 0.5 > > > > describe J_WEEDS_B Decimal or Hex character encoding [Bb] > > full J_WEEDS_B > > /(\&\#0*66\;|\&\#0*98\;|\&\#x0*42;|\&\#x0*62;)/i > > score J_WEEDS_B 0.5 > > > > describe J_WEEDS_C Decimal or Hex character encoding [Cc] > > full J_WEEDS_C > > /(\&\#0*67\;|\&\#0*99\;|\&\#x0*43;|\&\#x0*63;)/i > > score J_WEEDS_C 0.5 > > > > describe J_WEEDS_D Decimal or Hex character encoding [Dd] > > full J_WEEDS_D > > /(\&\#0*68\;|\&\#0*100\;|\&\#x0*44;|\&\#x0*64;)/i > > score J_WEEDS_D 0.5 > > > > describe J_WEEDS_E Decimal or Hex character encoding [Ee] > > full J_WEEDS_E > > /(\&\#0*69\;|\&\#0*101\;|\&\#x0*45;|\&\#x0*65;)/i > > score J_WEEDS_E 0.5 > > > > describe J_WEEDS_F Decimal or Hex character encoding [Ff] > > full J_WEEDS_F > > /(\&\#0*70\;|\&\#0*102\;|\&\#x0*46;|\&\#x0*66;)/i > > score J_WEEDS_F 0.5 > > > > describe J_WEEDS_G Decimal or Hex character encoding [Gg] > > full J_WEEDS_G > > /(\&\#0*71\;|\&\#0*103\;|\&\#x0*47;|\&\#x0*67;)/i > > score J_WEEDS_G 0.5 > > > > describe J_WEEDS_H Decimal or Hex character encoding [Hh] > > full J_WEEDS_H > > /(\&\#0*72\;|\&\#0*104\;|\&\#x0*48;|\&\#x0*68;)/i > > score J_WEEDS_H 0.5 > > > > describe J_WEEDS_I Decimal or Hex character encoding [Ii] > > full J_WEEDS_I > > /(\&\#0*73\;|\&\#0*105\;|\&\#x0*49;|\&\#x0*69;)/i > > score J_WEEDS_I 0.5 > > > > describe J_WEEDS_J Decimal or Hex character encoding [Jj] > > full J_WEEDS_J > > /(\&\#0*74\;|\&\#0*106\;|\&\#x0*4A;|\&\#x0*6A;)/i > > score J_WEEDS_J 0.5 > > > > describe J_WEEDS_K Decimal or Hex character encoding [Kk] > > full J_WEEDS_K > > /(\&\#0*75\;|\&\#0*107\;|\&\#x0*4B;|\&\#x0*6B;)/i > > score J_WEEDS_K 0.5 > > > > describe J_WEEDS_L Decimal or Hex character encoding [Ll] > > full J_WEEDS_L > > /(\&\#0*76\;|\&\#0*108\;|\&\#x0*4C;|\&\#x0*6C;)/i > > score J_WEEDS_L 0.5 > > > > describe J_WEEDS_M Decimal or Hex character encoding [Mm] > > full J_WEEDS_M > > /(\&\#0*77\;|\&\#0*109\;|\&\#x0*4D;|\&\#x0*6D;)/i > > score J_WEEDS_M 0.5 > > > > describe J_WEEDS_N Decimal or Hex character encoding [Nn] > > full J_WEEDS_N > > /(\&\#0*78\;|\&\#0*110\;|\&\#x0*4E;|\&\#x0*6E;)/i > > score J_WEEDS_N 0.5 > > > > describe J_WEEDS_O Decimal or Hex character encoding [Oo] > > full J_WEEDS_O > > /(\&\#0*79\;|\&\#0*111\;|\&\#x0*4F;|\&\#x0*6F;)/i > > score J_WEEDS_O 0.5 > > > > describe J_WEEDS_P Decimal or Hex character encoding [Pp] > > full J_WEEDS_P > > /(\&\#0*80\;|\&\#0*112\;|\&\#x0*50;|\&\#x0*70;)/i > > score J_WEEDS_P 0.5 > > > > describe J_WEEDS_Q Decimal or Hex character encoding [Qq] > > full J_WEEDS_Q > > /(\&\#0*81\;|\&\#0*113\;|\&\#x0*51;|\&\#x0*71;)/i > > score J_WEEDS_Q 0.5 > > > > describe J_WEEDS_R Decimal or Hex character encoding [Rr] > > full J_WEEDS_R > > /(\&\#0*82\;|\&\#0*114\;|\&\#x0*52;|\&\#x0*72;)/i > > score J_WEEDS_R 0.5 > > > > describe J_WEEDS_S Decimal or Hex character encoding [Ss] > > full J_WEEDS_S > > /(\&\#0*83\;|\&\#0*115\;|\&\#x0*53;|\&\#x0*73;)/i > > score J_WEEDS_S 0.5 > > > > describe J_WEEDS_T Decimal or Hex character encoding [Tt] > > full J_WEEDS_T > > /(\&\#0*84\;|\&\#0*116\;|\&\#x0*54;|\&\#x0*74;)/i > > score J_WEEDS_T 0.5 > > > > describe J_WEEDS_U Decimal or Hex character encoding [Uu] > > full J_WEEDS_U > > /(\&\#0*85\;|\&\#0*117\;|\&\#x0*55;|\&\#x0*75;)/i > > score J_WEEDS_U 0.5 > > > > describe J_WEEDS_V Decimal or Hex character encoding [Vv] > > full J_WEEDS_V > > /(\&\#0*86\;|\&\#0*118\;|\&\#x0*56;|\&\#x0*76;)/i > > score J_WEEDS_V 0.5 > > > > describe J_WEEDS_W Decimal or Hex character encoding [Ww] > > full J_WEEDS_W > > /(\&\#0*87\;|\&\#0*119\;|\&\#x0*57;|\&\#x0*77;)/i > > score J_WEEDS_W 0.5 > > > > describe J_WEEDS_X Decimal or Hex character encoding [Xx] > > full J_WEEDS_X > > /(\&\#0*88\;|\&\#0*120\;|\&\#x0*58;|\&\#x0*78;)/i > > score J_WEEDS_X 0.5 > > > > describe J_WEEDS_Y Decimal or Hex character encoding [Yy] > > full J_WEEDS_Y > > /(\&\#0*89\;|\&\#0*121\;|\&\#x0*59;|\&\#x0*79;)/i > > score J_WEEDS_Y 0.5 > > > > describe J_WEEDS_Z Decimal or Hex character encoding [Zz] > > full J_WEEDS_Z > > /(\&\#0*90\;|\&\#0*122\;|\&\#x0*5A;|\&\#x0*7A;)/i > > score J_WEEDS_Z 0.5 > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: SF.net Giveback Program. > > Does SourceForge.net help you be more productive? Does it > > help you create better code? SHARE THE LOVE, and help us help > > YOU! Click Here: http://sourceforge.net/donate/ > > _______________________________________________ > > Spamassassin-talk mailing list > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
