> > I'm getting a bit of HTML spam with lines like
> >
> > right" face=Arial> w </FONT>
> >
> > To catch this style of obfuscation, I did two rules,
> > being unsure how to escape the carets:
> >
> > rawbody htmlobscu1     /\>\s*\w\s*\<\//  
> > rawbody htmlobscu2     />\s*\w\s*<\//   
> 
> Hmm... from the looks of it, htmlobscu2 should work.
> 
> In the original source, are there any line-breaks in the sequence?
> ie:
> 
> right" face=Arial> w 
> </FONT>

No, this is all on one line. I am aware that rawbody parses line by line unlike body rules.

So in principle you don't need to escape the carets?

Regs,
Sven


----------------------------------------------

BAGHUS GmbH
EDV und Internetdienstleistungen

Staffelseestrasse 2
81477 München
Tel.: +49 (0) 89 / 5 48 01 66 - 0
Fax.: +49 (0) 89 / 5 48 01 66 - 99

www.baghus.net, [EMAIL PROTECTED]
HRB: 144283, USt-IdNr: DE224865405

----------------------------------------------

BAGHUS Anti-Spam Support Bundle 
Informationen unter: www.baghus.net/antispam
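
The two rules from the thread run against the quoted fragment, as an added example that is not part of the original messages. The sample strings are constructed, and matching each line separately follows the post's description of rawbody (an assumption taken from the thread). In Perl regexes, which SpamAssassin rules are, a backslash before a non-word character such as `<` or `>` just makes it literal, so both forms compile to the same match.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns from the thread, compiled as Perl regexes.
my %rules = (
    htmlobscu1 => qr/\>\s*\w\s*\<\//,   # angle brackets escaped
    htmlobscu2 => qr/>\s*\w\s*<\//,     # angle brackets unescaped
);

# Constructed samples: the fragment quoted in the thread on one line,
# the same fragment with the line break asked about, and ordinary markup
# where more than one word character sits between the tags.
my %samples = (
    one_line   => qq{right" face=Arial> w </FONT>},
    split_line => qq{right" face=Arial> w \n</FONT>},
    benign     => qq{<FONT face=Arial>word</FONT>},
);

# Apply a rule to each line separately, as the thread describes
# rawbody matching (assumption from the post, not verified here).
sub hits_per_line {
    my ($re, $text) = @_;
    return scalar grep { $_ =~ $re } split /\n/, $text;
}

for my $sample (sort keys %samples) {
    for my $rule (sort keys %rules) {
        my $hits = hits_per_line($rules{$rule}, $samples{$sample});
        printf "%-10s %-10s %s\n", $sample, $rule, $hits ? 'hit' : 'no hit';
    }
}
```

Both rules hit only the `one_line` sample: the split sample has no single line containing the `>`, the lone character and the `</` together, and the benign sample has more than one word character between the tags.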
