On Sat, 2007-01-27 at 14:35 +0000, --[ UxBoD ]-- wrote:
> On Sat, 27 Jan 2007 12:25:12 +0000
> Nigel Frankcom <[EMAIL PROTECTED]> wrote:
>
> > On Sat, 27 Jan 2007 11:49:03 +0000, "--[ UxBoD ]--"
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Sorry for asking as I am sure that it has already been covered. But
> > >if there a rule for the new spate of drug SPAM where the URL has
> > >"Remove "*" to make the link working!" in it ?
> > >
> > >Thanks,
> >
> >
> > This was suggested to me yesterday...
> >
> > http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
> >
> > Bayes training helps too.
> >
> > Kind regards
>
> I am already using KAM.cf but it has not caught one yet :(
Just as a friednly note, the normal procedure is to check the mailing
list archives when first joining to see if the subject of interest has
been discussed recently before posting a query. As you suspect, it has
been discussed at length over the last several days.
Here's a suggestion from Henrik Krohns. I use this with good success.
uri HK_OBFDOM /^https?:\/\/ [a-z0-9._-]*? (?: [^a-z0-9._':[EMAIL PROTECTED]/-]
| :[^0-9] ) (?: .*?\/ | .*?[a-z]$ ) /ix
describe HK_OBFDOM Domain contains illegal characters
score HK_OBFDOM 3.5
body __hk_obfdomreq1 /\b(?:remove|replace)\b/i
body __hk_obfdomreq2 /(?:\bdomain\b|\baddress\b|"[^"]"|'[^']')/i
#meta HK_OBFDOMREQ (HK_OBFDOM && __hk_obfdomreq1 && __hk_obfdomreq2)
meta HK_OBFDOMREQ (HK_OBFDOM && __hk_obfdomreq1)
describe HK_OBFDOMREQ Request to modify obfuscated domain
score HK_OBFDOMREQ 2
(Be sure to fix any wrapped lines.)
-Bill
