Philip Prindeville wrote:
What about flagging HTML that has:
a href=.* onMouseOver=window.status
I.e. any links that attempt to intercept onMouseOver events and override
the status window should be flagged as suspect...
-Philip
Actually, this seems to work:
rawbody L_PHISH
Philip Prindeville wrote:
Actually, this seems to work:
rawbody L_PHISH /[aA] [hH][rR][eE][fF]=.*
(onMouseOver|onMouseMouse)=window\.status=/
describe L_PHISHTest for PHISH overwrites the status bar
score L_PHISH 6.0
I suppose I could beef it
Kelson wrote:
Philip Prindeville wrote:
Actually, this seems to work:
rawbody L_PHISH /[aA] [hH][rR][eE][fF]=.*
(onMouseOver|onMouseMouse)=window\.status=/
describe L_PHISHTest for PHISH overwrites the status bar
score L_PHISH 6.0
I suppose I
What about flagging HTML that has:
a href=.* onMouseOver=window.status
I.e. any links that attempt to intercept onMouseOver events and override
the status window should be flagged as suspect...
That would be nice, but spammers learned long ago (after I wrote rules for
those things) that all
On Thu, Mar 09, 2006 at 09:38:57PM -0800, Loren Wilton wrote:
That would be nice, but spammers learned long ago (after I wrote rules for
those things) that all you need to do is break the html over two lines and
SA can't catch it, because rawbody can only work on one line at a time.
Just to
