Kevin A. McGrail said: > URI scan system will only pass in url strings and it is theoretical that > IE > will completely parse a URL without the http[s] so I leave that part of > the > scanning to SA. > > uri KAM_URIPARSE /(\%0[01]|\0).*\@/i
Thanks for the information about uri. It appears your gex is different then mine, where I only match if 01 or 00 next to the @ you match if %01 or %00 are anywhere in email. Does your regex grab some exploits that my regex misses? >> uri IE_ADDRESS_SPOOF_EXPLOIT /^https?\:\/\/[^\/\s].*%0[1|0]@/ -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
