I have a BombRe regex that catches foreign donation solicitations (ivory, kuwait, nigeria, russia, etc) . The regex matches a country name and within a constrained amount of characters will try to match other common spam phrasing.
In this situation, I noticed while searching my maillog for regex effectiveness (which I also confirmed in the mail analyzer); that this BombRe regex is matching against the word "russia" in the subject line, and is wildcard matching across any of the headers found below it and then into the message body. Example header: ~~~~~ Subject: Assistance with Upcoming Law Conference in Russia Date: Thu, 28 Jun 2007 15:15:45 -0700 Message-ID: <[EMAIL PROTECTED]> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: etc, etc... In the mail log: ~~~~~ Bomb: Regex:Bomb 'Russia Date: Thu, 28 Jun 2007 15:' In the analyzer: ~~~~~ • Bomb RE: 'Russia Date: Thu, 28 Jun 2007 15:15:45 -0700 Message-ID: X-MS-Has-Attach: yes X-MS-TNEF-Correlator: etc, etc... (this match continues into the message body) ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
