Hi there,
Using SpamAssassin 2.64, I have found a few cases where the target
domain of a custom rule can not be matched via any of these three rule
types.
The target of my rule is a plain text (non HREF) URL that is
obfusticated in a way that seems to miss my rules.
My rule: (I've have both rawbody and body rules with this same pattern),
but the body rule is what I think should be working.
describe SKM_SPAM_LIST_B_236 SKM Rules
body SKM_SPAM_LIST_B_236 m/jgsgfta\.com/i
score SKM_SPAM_LIST_B_236 50.0
The email in question is Base64 encoded.
The Base64 code decoded text has the URL not as an Href, but as plain
text ... It does have HTML tags placed within the text to break up the
URL when viewing as code.
<font face="Arial, Helvetica, sans-serif"><br>
<br>
<font color="#0000FF"
size="2"><strong>http://www.jg<ksbloatcasualtycoyoteplastisoldiscusskais
eroceanographylevelstonylingeriesubmersiblenightshirtbromfieldbritannicc
redenzaexcretorycentigradelamentationbawddilettantehydrogenateanonymityv
ellaurethracoastal>sgf<a
target="_blank"larmhallmarkhopemicrographytinkermiscreantmacedoniabarbar
ismcorpsmenhabitationdesertinflationaryexpatiateupburkesuperstitiousgrav
itatepuscircabalddoomsdaytrinidadgold>ta.com/index.php?ID=JNL</strong></
font></font><br>
Shouldn't the 'body' type rule remove the HTML markup, so the remaining
text is "http://www.jgsgfta.com/index.php?ID=JNL"; ?
I thought that should be the case, but these messages keep coming
through ...
Any clarification or suggestions would be most appreciated!
Thanks in advance,
Shane
