On Tuesday, February 06, 2007 12:31 AM +0100 "Chr. v. Stuckrad" <[EMAIL PROTECTED]> wrote:

So what really will be needed, would be a combination of
Rules for 'illegal hostname in url' and something like
the URIBLS to catch 'syntactically legal looking' obfuscations.
(if such a thing is feasible)

What about a meta rule that combines "string does not resolve" (i.e. by DNS lookup of the raw, obfuscated URL) and the presence of the words "remove" or "replace"?

You could also have a plugin that saves away illegal characters found in a domain string and looks for one of those characters within some distance of the URL in the message.
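
The two heuristics proposed in this message (the meta rule and the illegal-character proximity check), sketched as a stand-alone Python function. This is an added example, not code from the thread or from SpamAssassin; the function names, the 100-character window and the sample message are assumptions made for illustration.

```python
import re
import socket

# Authority part of an http(s) URL: everything up to the path, query or fragment.
URL_RE = re.compile(r"https?://([^\s/?#<>\"']+)", re.IGNORECASE)
HINT_RE = re.compile(r"\b(remove|replace)\b", re.IGNORECASE)
LEGAL = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-")

# Constructed sample message body (not taken from real mail).
SAMPLE = (
    "Visit http://www.pills*shop.example today. "
    "Remove the * from the address before you click.\n"
    "Our newsletter archive is at http://lists.example.org/archive\n"
)

def dns_resolves(host):
    """Default 'does the raw string resolve' check; pass a stub when offline."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def score_urls(body, window=100, resolves=dns_resolves):
    """Return one finding per URL with both heuristics evaluated."""
    findings = []
    for m in URL_RE.finditer(body):
        # Drop trailing sentence punctuation and an optional :port.
        host = re.sub(r":\d+$", "", m.group(1).rstrip(".,;:!?)"))
        illegal = {c for c in host if c not in LEGAL}
        # Text within `window` characters on either side, URL host excluded.
        context = (body[max(0, m.start() - window):m.start()] + " "
                   + body[m.end():m.end() + window])
        hint = bool(HINT_RE.search(context))
        echoed = sorted(c for c in illegal if c in context)
        findings.append({
            "host": host,
            # Meta rule: hint word nearby AND the raw host does not resolve.
            "meta_hit": hint and not resolves(host),
            # Plugin idea: an illegal host character is repeated near the URL.
            "echo_hit": bool(echoed),
            "echoed_chars": echoed,
        })
    return findings

if __name__ == "__main__":
    # Stub resolver so the demo runs without network access.
    for f in score_urls(SAMPLE, resolves=lambda h: h == "lists.example.org"):
        print(f)
```

The second URL in the sample sits within the window of the word "Remove" but resolves and has no illegal characters, so neither heuristic fires on it.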

