> > uri KAM_URIPARSE /(\%0[01]|\0).*\@/i
>
> Thanks for the information about uri.
> It appears your regex is different than mine, where I only match if 01 or 00
> next to the @; you match if %01 or %00 are anywhere in email.
> Does your regex grab some exploits that my regex misses?

Mine is just simpler. Because I did a URI test, SA is only going to pass it URIs. Your test is more appropriate for, say, a BODY or SUBJECT test. You can assume with a URI test you are going to have a URI. I think it's a question if the http is needed to perform the exploit.

> >> uri IE_ADDRESS_SPOOF_EXPLOIT /^https?\:\/\/[^\/\s].*%0[1|0]@/

Regards,
KAM
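
The difference between the two rules in this thread, as an added example that is not part of the original posts: both patterns are ported unchanged to Python's `re` (an assumption; SpamAssassin evaluates them as Perl regexes) and run over constructed sample URIs to show where the rules agree and where only one fires. The `a.example`/`b.example` URIs and the function names are made up for the illustration.

```python
import re

# The two patterns from the thread, ported unchanged to Python's re module
# (assumption: these particular constructs behave the same as in Perl).
KAM_URIPARSE = re.compile(r"(\%0[01]|\0).*\@", re.IGNORECASE)
IE_ADDRESS_SPOOF_EXPLOIT = re.compile(r"^https?\:\/\/[^\/\s].*%0[1|0]@")

# Constructed sample URIs (reserved .example names), not taken from real mail.
SAMPLES = {
    "adjacent":   "http://a.example%01@b.example/",    # %01 directly before @
    "gap":        "http://a.example%00abc@b.example/", # text between %00 and @
    "no_scheme":  "a.example%01@b.example/",           # no http:// prefix
    "upper_http": "HTTP://a.example%01@b.example/",    # upper-case scheme
    "raw_nul":    "http://a.example\x00@b.example/",   # literal NUL byte
    "pipe":       "http://a.example%0|@b.example/",    # '|' is inside [1|0]
    "plain_user": "http://user@a.example/",            # ordinary userinfo
    "after_at":   "http://user@a.example/?q=%01",      # %01 only after the @
}

def compare(samples=SAMPLES):
    """Return {label: (kam_hit, ie_hit)} for each sample URI."""
    return {
        label: (bool(KAM_URIPARSE.search(uri)),
                bool(IE_ADDRESS_SPOOF_EXPLOIT.search(uri)))
        for label, uri in samples.items()
    }

def disagreements(results):
    """Labels where exactly one of the two rules fires."""
    return sorted(k for k, (kam, ie) in results.items() if kam != ie)

if __name__ == "__main__":
    results = compare()
    for label, (kam, ie) in results.items():
        print(f"{label:11} KAM_URIPARSE={kam!s:5} IE_ADDRESS_SPOOF_EXPLOIT={ie}")
    print("rules disagree on:", ", ".join(disagreements(results)))
```

The `pipe` case is worth noting when tuning the second rule: inside a character class `|` is a literal, so `[1|0]` also accepts `%0|@`.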

