From: "Rob Mangiafico" <[EMAIL PROTECTED]>
On Mon, 31 Jul 2006, Derek Harding wrote:rawbody INLINE_IMAGE /src\s*=\s*["']cid:/i describe INLINE_IMAGE Inline Images score INLINE_IMAGE 1.5 I haven't tested this against the SA corpus so YMMV.Anyone else find this to be a good rule to catch these image stock spams without too much collateral damage?
Unless it is hidden in SARE rules some place I have not tried it. That
would likely detect ANY embedded image, which would be bad.
{^_^}
