At 02:39 PM 1/26/04 -0500, Kurt Yoder wrote: <snip>
body PHISHERMEN /http:\/\/(\w*?\.)+[a-zA-Z]{2,10}?[^/\s]*?@/
score PHISHERMEN 5.0
Don't use the body ruletype.. SA removes all HTML tags before running body.
Use uri instead of body.
It also seems you're just going to catch any URL which has a username involved, but it's tough for me to follow that regex without caffeine...
Why not just look for the malware codes directly? (ie: the %01)
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
