Spam Assassin pattern help for regular expression

11 Mar 2005 14:02:18 -0000 

Greetings:

While it has never been pleasant, we regularly review spam including the HTML source code behind the spam to help us adjust our system-wide spam tagging rules.

We've noticed a lot of sick porn spam being left untagged.

The tests that raised the score, though not high enough were as follows:

HTML_IMAGE_ONLY_12,HTML_MESSAGE,MPART_ALT_DIFF

These tests are too generic to raise the score higher through customization.

However, I did notice in the HTML source code a common theme:


<IMG src="http://yamanekohm.com/9d70188c4e7971b6d3b1e2fa8/Nf3KZuBf0T/file_name"; alt="rundowns" border="0"><BR>
<IMG src="http://yamanekohm.com/9d70188c4e7971b6d3b1e2fa8/file_name"; border='0'><BR>
<IMG src="http://yamanekohm.com/9d70188c4e7971b6d3b1e2fa8/Y/eZ/file_namef"; alt="ouch" border="0"><BR>

<IMG src="http://tatighk.com/ae3019e288e5a5902958a62de/IWutqQ/filename"; border=0><BR>
<IMG src="http://tatighk.com/ae3019e288e5a5902958a62de/filename"; alt="Antipas" border=0><BR>
<IMG src="http://tatighk.com/ae3019e288e5a5902958a62de/fT66kl/KK0tcw71p/filename"; alt="strengthen" border=0>


<IMG src="http://muoniofgj.net/6481ddc2353481dae6c63affa/YriLMz/filename"; border="0"><BR>
<IMG src="http://muoniofgj.net/6481ddc2353481dae6c63affa/filename"; border='0'><BR>
<IMG src="http://muoniofgj.net/6481ddc2353481dae6c63affa/txU/t1q/filename"; border=0>


Where the common theme appears to be the directory structure right after the domain name.

For the pattern experts out there, is there a way to craft a regular expression to catch the directory pattern used?

Specifically the directory pattern right after the domain name.

Thank you.
________________________________________________
Peter M. Abraham
Support and Customer Care Department
Dynamic Net, Inc.
Helping companies do business on the Net
420 Park Road; Suite 201
Wyomissing  PA  19610
Toll Free Voice:        1-888-887-6727
International:          1-610-736-3795
FAX:                    1-610-736-3798
Support Email:          [EMAIL PROTECTED]
Company Email:  [EMAIL PROTECTED]
Web:                    http://www.dynamicnet.net/
                        http://www.wemanageservers.com/
________________________________________________

Reply via email to