On Fri, 2004-02-20 at 06:26, Chris Santerre wrote:
> > >
> > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-Febr
> > uary/020188.html
> > >
> > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-Febr
> > uary/020203.html
> >
> > Any rules to catch this trick?
> I saw this as a direct attempt to foil Bigevil and similar URL marking
> rules. Like Bayes poison (fodder) they are trying to mess up automated
> scripts from harvesting the correct URLs to blacklist. But I do these by
> hand, so I only pull out the legit URLs from these spam.
>
> So Short answers is I've not seen a rule for this. But I do have the legit
> URLs in my Bigevil for the ones I do get.
Here's what I'm trying out...
describe OBFUSCATED_BY_LINK Has words obfuscated by hidden HTML links
rawbody OBFUSCATED_BY_LINK /\w<A\s+HREF\s*=[^>]+><\/A>\w/i
score OBFUSCATED_BY_LINK 0.5
describe OBFUSCATED_BY_LINK_2 Has words obfuscated by hidden HTML links
rawbody OBFUSCATED_BY_LINK_2 /^\s*HREF\s*=[^>]+><\/A>\w/i
score OBFUSCATED_BY_LINK_2 0.2
--
John Hardin KA7OHZ
Internal Systems Administrator/Guru voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute an
emergency on my part.
- David W. Barts in a.s.r
-----------------------------------------------------------------------
10 days until ICQ Corp goes away - have you installed Jabber yet?
