Chris Santerre wrote:
>> Bob Apthorpe wrote:
>> Question #1: Isn't there a ruleset in 2.63 (stock or SARE) that flags
>> such exhuberant use of entities?
>
> Just weeds.
Booo! Chris, I wrote a small set for these too!
It's part of my rawbody collection of rules,
## Catch strings like 0{ etc.
rawbody FR_HEX_BODY_10 /(?:\&\#\d{2,5};){10,20}/
rawbody FR_HEX_BODY_20 /(?:\&\#\d{2,5};){20,30}/
rawbody FR_HEX_BODY_30 /(?:\&\#\d{2,5};){30,40}/
score FR_HEX_BODY_10 0.75
score FR_HEX_BODY_20 1.75
score FR_HEX_BODY_30 2.5
mass-check results,
OVERALL SPAM HAM S/O SCORE NAME
109169 88736 20433 0.813 0.00 0.00 (all messages)
432 429 3 0.971 0.90 0.50 FR_HEX_BODY_30
952 943 9 0.960 0.87 0.50 FR_HEX_BODY_10
459 454 5 0.954 0.86 0.50 FR_HEX_BODY_20
The ham hits were discussion about hiding e-mail addresses in html source
code using this technique.
