On Wed, 2009-07-15 at 13:53 -0400, Charles Gregory wrote:
> I recently posted a revised rule for detecting the [SNIPPED] spams
> with a PerlRC "negative look-ahead assertion" (?!).
>
> body =~ /(?!www\.[a-z]{2,3}[0-9]{2,3}\.(com|net|org))
^^^^^^^^
This is invalid.
> www[^a-z0-9]{1,9}([a-z]{2,3}|pill|meds|shop)
> [0-9]{2,3}[^a-z0-9]{1,9}(c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)/i
>
> Excuse the line breaks to fit e-mail 80 cols. Not in rule, obviously...
>
> For some reason, this rule is not 'triggering' as it should. Example:
> This triggers on the 'bare' rule, but not on the rule with the look-ahead.
> Am I missing something about the functioning of the look-ahead code?
The RE, if properly used as a body rule, works for me -- both with and
without the negative look-ahead exonerating a non-obfuscated URI.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
