Good afternoon. I'm seeing an increase in spam/phishing that is utilizing Google Docs. I see a rule that seems to be intended to flag certain Google Docs related URLs, but not the ones I'm seeing.
72_active.cf:uri __URI_GOOGLE_DOC m,^https?://docs\.google\.com/(?:[^/]+/)*view(?:form)?\?(?:id|formkey)=,i The URLs I'm seeing don't match that regex. They all appear to have the following prefix: https://docs.google.com/document/d/e/ I think it might be useful to update the pattern to something like the following, so it could be used by other meta rules, but thought I'd check with the community first: m,^https?://docs\.google\.com/(?:[^/]+/)*(?:view(?:form)?\?(?:id|formkey)=|document),i Thoughts or opinions?
