From: "Chris Santerre" <[EMAIL PROTECTED]>
From: mouss [mailto:[EMAIL PROTECTED]
Theo Van Dinter wrote:
> On Tue, Sep 19, 2006 at 10:58:46PM +0200, mouss wrote:
>
>> URI_NOVOWEL fires with things like href="#id" where id is
a string that
>> starts with 7 "no-vowel" chars.
>>
>> uri URI_NOVOWEL
m%^https?://[^/?]*[bcdfghjklmnpqrstvwxz]{7}%i
>> uri URI_NOVOWEL
m%^https?://[^/?\#]*[bcdfghjklmnpqrstvwxz]{7}%i
>>
>> is this correct?
Well I changed the RE a bit for testing:
uri URI_NOVOWEL /https?\:\/\/[^\/?\#]*[bcdfghjklmnpqrstvwxz]{7}/i
describe URI_NOVOWEL testing for MOUSS
score URI_NOVOWEL 0.75
Initial tests show a few problems...(verified ham hits)
http://www.phpwcms.....
http://trkcnfrm......
http://BlankBkgrd....
http://SearchSQLS.....
http://www.astdhpph.....
http://libctxssl.......
http://sccrmxc.......
http://pluginsnppdf.......
It does however have some potential,
Spam hits: 400 Ham hits: 3 S/O: 0.889
Spam hits: 1747 Ham hits: 6 S/O: 0.987
Spam hits: 2754 Ham Hits: 4 S/O: 0.997
Spam hits: 1976 Ham Hits: 15 S/O: 0.975
Hope that helps a bit!
(For some reason I'm being rejected to posting to SAUSERs with a 500: PHISH
elsewhere. Please reply to the list with this for others to see. I'm trying
to get it resolved.)
Thanks,
Chris Santerre
Apache.org may have their spf configuration hosed. Messages come back
to me from this list with some rather enigmatic SPF comments. First it
says I pass then it says I fail.
{^_^}
