On Sat, 6 Oct 2018, RW wrote:
On Fri, 5 Oct 2018 16:34:51 +0000 Zinski, Steve wrote:Here's how I'm blocking bitcoin emails with Unicode characters embedded: body __BTC1 /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/ body __BTC2 /\b\W*b\W*i\W*t\W*c\W*o\W*i\W*n\W*\b/i body __BTC3 /\b\W*b\W*t\W*c\W*\b/i body __BTC4 /\bb[i\x{0456}]t[c\x{0441}][o\x{043E}][i\x{0456}]n\b/i meta LOCAL_BITCOIN ( __BTC1 && ( __BTC2 || __BTC3 || __BTC4 ) ) score LOCAL_BITCOIN 10.0 Works like a charm in my environment.The trouble with this is that you would be adding 10 point to anything with a bitcoin address whether anything's obfuscated or not. If you want to avoid this take a look at the FUZZY_* rules.
The version of this in my sandbox doesn't have that weakness. I did some tuning compared to what Steve proposed.
BTW, Steve, your emails appear to be going to the list multiple times (or is that just me?)
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Show me somebody who waxes poetic about "Being at one with Nature" and I'll show you someone who hasn't figured out that Nature is an infinite stomach demanding to be fed. -- Atomic, at Wapsi forum ----------------------------------------------------------------------- 555 days since the first commercial re-flight of an orbital booster (SpaceX)
