On Mon, 24 Jul 2006, Daryl C. W. O'Shea wrote: > > <a target="_parent" > > href="http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://1092229727:9999/https-www.paypal.com/webscrr/index.php";>Click > > here to cancel your new email > > address</a> > > Being a simple visible redirector, SA actually does detect it: > > [7375] dbg: uri: cleaned html uri, > http://1092229727:9999/https-www.paypal.com/webscrr/index.php > [7375] dbg: uri: html domain, google.com
Ah, good. I assume that means the redirector_pattern I suggested is not necessary? > The problem is that SA doesn't then go on to do checks on the IP > 1092229727 (CPE-65-26-26-95.kc.res.rr.com [65.26.26.95]) like it > would if it was in dotted-quad notation. Thus the hit on Sorbs' > DUHL is avoided. > > This is definitely a bug. Please open a bug report and attach a > complete sample to the bug. roger wilco. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- To prevent conflict and violence from undermining development, effective disarmament programmes are vital... -- the UN, who "doesn't want to confiscate guns" ----------------------------------------------------------------------- Today: The 37th anniversary of Apollo 11 landing on the Moon
