On 19-Mar-2009, at 05:41, John Hardin wrote:
On Thu, 19 Mar 2009, LuKreme wrote:
On 19-Mar-2009, at 04:27, John Hardin wrote:
No reason it shouldn't be. I'd suggest something like a rawbody
match on /<object[\s>]/i meta'd with HTML_MESSAGE should be worth
a few (dozen) points.
That seems like a good idea. You have anything?
No, and I'd be concerned about the possibility of false positives.
The fact that SA rules aren't context-sensitive presents a problem
here. You can't reliably distinguish a match between an actual
OBJECT tag and mere discussion of an OBJECT tag (e.g. with syntax
examples), even if you meta it with HTML_MESSAGE.
If it's an html message and it includes an <object tag it's
suspicious. In an html message, a discussion would be <OBJECT
--
Instant karma's going to get you!
