On Wed, 25 Mar 2009, John Hardin wrote:
> On Wed, 25 Mar 2009, Giampaolo Tomassoni wrote:
> > So why this actually works to me?
> >
> > rawbody LARGETABLE
> > m'<tr\W(?:[^<]|<(?!t[dr]\W))*(?:<td\W(?:[^<]|<(?!t[rd]\W))*){30,}</tr'is
Then the documentation appears to be out of date. From
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html:
rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
The text will be decoded from base64 or quoted-printable encoding, but HTML
tags and line breaks will still be present. The pattern will be applied
line-by-line.
Yeah, the documentation lies. multiline rawbody works just fine in 3.2.x
Sigh. foot > mouth
So:
rawbody __WIDETABLE
m'<tr\W(?:[^<]|<(?!t[dr]\W))*(?:<td\W(?:[^<]|<(?!t[rd]\W))*){30,}</tr'is
tflags __WIDETABLE multiple
meta BIGTABLE (__WIDETABLE > 4)
uri URI_SPACES_LIVE /\bspaces\.live\.com\b/
meta HTML_GRID_OBFU_LIVE (BIGTABLE && URI_SPACES_LIVE)
score HTML_GRID_OBFU_LIVE 3
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
