> -----Original Message-----
> From: mouss [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 20, 2006 6:12 PM
> To: SpamAssassin
> Subject: Re: FP: URI_NOVOWEL
>
>
> Theo Van Dinter wrote:
> > On Tue, Sep 19, 2006 at 10:58:46PM +0200, mouss wrote:
> >
> >> URI_NOVOWEL fires with things like href="" where id is
> a string that
> >> starts with 7 "no-vowel" chars.
> >>
> >> uri URI_NOVOWEL
> m%^https?://[^/?]*[bcdfghjklmnpqrstvwxz]{7}%i
> >> uri URI_NOVOWEL
> m%^https?://[^/?\#]*[bcdfghjklmnpqrstvwxz]{7}%i
> >>
> >> is this correct?
Well I changed the RE a bit for testing:
uri URI_NOVOWEL /https?\:\/\/[^\/?\#]*[bcdfghjklmnpqrstvwxz]{7}/i
describe URI_NOVOWEL testing for MOUSS
score URI_NOVOWEL 0.75
Initial tests show a few problems...(verified ham hits)
http://www.phpwcms.....
http://trkcnfrm......
http://BlankBkgrd....
http://SearchSQLS.....
http://www.astdhpph.....
http://libctxssl.......
http://sccrmxc.......
http://pluginsnppdf.......
It does however have some potential,
Spam hits: 400 Ham hits: 3 S/O: 0.889
Spam hits: 1747 Ham hits: 6 S/O: 0.987
Spam hits: 2754 Ham Hits: 4 S/O: 0.997
Spam hits: 1976 Ham Hits: 15 S/O: 0.975
Hope that helps a bit!
(For some reason I'm being rejected to posting to SAUSERs with a 500: PHISH elsewhere. Please reply to the list with this for others to see. I'm trying to get it resolved.)
Thanks,
Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com
