http://bugzilla.spamassassin.org/show_bug.cgi?id=2733
------- Additional Comments From [EMAIL PROTECTED] 2004-05-10 20:38 ------- Created an attachment (id=1947) --> (http://bugzilla.spamassassin.org/attachment.cgi?id=1947&action=view) A possible approach Seconding Michael's comment that the existing check is quite weak. I realize that there may be some exotic cases (or maybe not that exotic - I don't get out much) where CGI arguments to an IMG SRC are valid and not terribly nasty. Danged if I can think of any, though. Attaching a patch with my hack on the situation. My approach was: $attr->{src} =~ /\?[^=]+=\b/) ... which may be too broad or heavy-handed for general consumption since it matches any IMG SRC with the question-mark/equals-sign combo. In my bikeshed, no IMG SRC has any business taking CGI arguments, period. Works well for me, YMMV. I disagree with Michael's suggested scoring, though. In my setup HTML_WEB_BUGS only assigned a score of less than 1.0, which was far too low... and to make this pattern lower would be wrong, IMO. Then again, in my situation HTML_WEB_BUGS has a value of 5.0 - there is no non-spam email I receive that should behave this way, and yes I got myself added to heaven knows how many porn-spam whitelists because I didn't catch this earlier. (Yes, I use an HTML-aware mail client, yes I load off-site images, don't go there, it's too late at night for me to defend myself properly...) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
