On Aug 5, 2014, at 11:16 AM, John Hardin <jhar...@impsec.org> wrote:
> It can hit on embedded phone numbers, which are, strictly speaking, valid > hexadecimal strings... > I suspect it's hitting on all those dates as well, and needs some more > tightening. In the spams I’m looking at, all the hex strings are 32 characters. How long were they in Joe’s samples (no longer on pastebin)? Joe was concerned about the performance of my regex (because of all the .*’s), but it can search through my /var/mail in 5 seconds; the __HEXHASHWORD_S2EU regex takes over 9.
