On Wednesday 14 January 2004 08:33 am, Brent J. Nordquist wrote: > On Tue, 13 Jan 2004, Larry Starr <[EMAIL PROTECTED]> wrote: > > uri FCS_URI_NODOTS /^[^\.]*$/ > > describe FCS_URI_NODOTS URI found with no Dots (.) > > score FCS_URI_NODOTS 3.0 > > Thanks for this; I have it installed here. I've also added: > > uri BCS_URI_2E_OBFU /=2[Ee]/ > describe BCS_URI_2E_OBFU URI found with obfuscated dots (.) > score BCS_URI_2E_OBFU 3.0 > > for even more penalties if you are deliberately obfuscating. :-)
Brent, A posting from David Funk, correctly points out that "=2E" is valid Quoted-Printable, and is decoded correctly by spamassassing, before the URI rules. Further, I've noticed a number of false positives, when simply looking for the "=2e" in a URI, for example (from a CNET newsletter). <a href="http://ct.com.com/click?q=2e-eMTGIiK~5C3CPxCHv_NO_rfUrBlR"; > SGI announces narrower loss</a> Notice that the URI is valid and that the "=2e" is NOT an encoded dot, but an argument value. You may wish to reduce your scoring for this rule a bit or, perhaps something like: uri BCS_URI_2E_OBFU /^[^\.]*=2e/ would be a bit more precise? -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 =================================================================== There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
