I've been having a play with the two rules mentioned, this seems to work
for me:
header __LOC_DIGITS_FROM From:name =~ /\.\d{7,8}$/
body __LOC_DIGITS_CONFUSER / (\d){7,8} .{1,250} ([0-9a-f]{32})
.{1,250}[\g1|\g2].{1,250}[\g1|\g2]/
Joining these together in a meta rule seems to be picking up the emails
I expect them to.
On 05/08/14 19:40, Andy Balholm wrote:
On Aug 5, 2014, at 11:16 AM, John Hardin <[email protected]> wrote:
It can hit on embedded phone numbers, which are, strictly speaking, valid
hexadecimal strings...
I suspect it's hitting on all those dates as well, and needs some more
tightening.
In the spams I’m looking at, all the hex strings are 32 characters. How long
were they in Joe’s samples (no longer on pastebin)?
Joe was concerned about the performance of my regex (because of all the .*’s),
but it can search through my /var/mail in 5 seconds; the __HEXHASHWORD_S2EU
regex takes over 9.
--
Paul Stead
Systems Engineer
Zen Internet
