Hello,

I'm seeing some SPAM that has odd href tags like the following:

align="center"><a hrefShanghaishref=http://cowerers.com href=

"http://www.nungim.com/?ai=7030 ">
<img border="0" src=

"http://www.olivegrovetree.com/0/11/11-2.jpg"; </a></p>

I'm not sure what the spammer gains by the odd href tag, but I would like to
create a rule to catch it when it is used.

I've tried:

rawbody CTS_HREF /\bhref[a-z]\b/i

rawbody CTS_HREF /\Whref[a-z]\W/i

and the same with body instead of rawbody, with no results.

Ideally the rule would look for href followed by anything other than = or
space.

Al
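
An added example, not part of the original post: a Python check of the two patterns quoted above against the sample tag, next to one candidate pattern for "href followed by anything other than = or space". The candidate goes slightly beyond that wording by scoping the match to an `<a ...>` tag and skipping the legitimate `hreflang` attribute; the benign strings, the joined sample and the function names are constructed for illustration.

```python
import re

# Constructed input: the anchor tag quoted in the post, joined onto one line.
SAMPLE = ('align="center"><a hrefShanghaishref=http://cowerers.com href='
          '"http://www.nungim.com/?ai=7030 ">')

# Constructed benign markup that the rule must leave alone.
BENIGN = [
    '<a href="http://example.com/">plain</a>',
    '<a href = "http://example.com/">spaces around the equals sign</a>',
    "<A HREF='http://example.com/'>upper case</A>",
    '<a hreflang="en" href="http://example.com/">real attribute</a>',
    '<p>Set the href attribute, then list all hrefs.</p>',
]

# The two patterns from the post. Each allows exactly ONE letter after
# "href" and then demands a non-word character, so a run of letters such
# as "hrefShanghaishref" can never satisfy them.
TRIED = [r'\bhref[a-z]\b', r'\Whref[a-z]\W']

# Candidate: inside an <a ...> tag, an attribute that starts with "href"
# and continues with something other than whitespace, "=" or ">".
# (?!lang\b) keeps the real hreflang attribute from matching.
ODD_HREF = re.compile(r'<a\b[^>]*?\shref(?!lang\b)[^\s=>]', re.IGNORECASE)
# Same pattern written as a rule line (CTS_HREF is the name from the post):
#   rawbody CTS_HREF /<a\b[^>]*?\shref(?!lang\b)[^\s=>]/i

def tried_hits(text):
    """Return the patterns from the post that match text."""
    return [p for p in TRIED if re.search(p, text, re.IGNORECASE)]

def odd_href(text):
    """True when text contains an <a> tag with a malformed href attribute."""
    return ODD_HREF.search(text) is not None

if __name__ == "__main__":
    print("tried patterns hitting the sample:", tried_hits(SAMPLE))
    print("candidate hits the sample:", odd_href(SAMPLE))
    for line in BENIGN:
        print(odd_href(line), line)
```
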
