Jean-Paul Natola wrote:
> Here’s an intelligent html coder
>
>
>
> I viewed the source of the code because I was curious as to how these
> words flew right through my SA ,
>
>
>
> You will note that if turned into plain text , he used a bunch of
> tables and cells to produce the following;
Try this on for size:
body L_COLUMN_VIAG
/\bv(?:\s\w){4,6}\si(?:\s\w){4,6}\sa(?:\s\w){4,6}\sg(?:\s\w){4,6}\sr(?:\s\w){4,6}\sa\b/i
describe L_COLUMN_VIAG looks like a column-obfuscated v-pill ad
score L_COLUMN_VIAG 0.1
Warning: new rule, not well tested, hence the limited score. I just placed this
on my live server to see how it behaves.
Of course, there are some limitations to this rule that a spammer can use to get
around it, but the general concept of the new gap clause of (?:\s\w){4,6}\s can
be adapted to catch future variants with different table attributes.
