On Sat, 03 Feb 2007 07:15:39 +0000, Nigel Frankcom <[EMAIL PROTECTED]> wrote:
>On Sat, 03 Feb 2007 07:13:08 +0000, Nigel Frankcom ><[EMAIL PROTECTED]> wrote: > >>On Fri, 2 Feb 2007 21:40:32 -0500, Theo Van Dinter >><[EMAIL PROTECTED]> wrote: >> >>>On Fri, Feb 02, 2007 at 06:33:40PM -0800, Kenneth Porter wrote: >>>> If I read this right, it looks for an illegal domain character in the >>>> domain component after the first dot. The new pattern puts a % after the >>>> second dot. >>> >>>fwiw, I put in a new test version which will catch the latest obfuscation, >>>and I'm sure we can look forward to it changing again shortly. I don't >>>really feel it's worthwhile, but if there isn't a rule there's a ton >>>of discussion on the list about why there isn't a rule, and I'm tired >>>of arguing. >> >>body Test_01 /remove \"\*|\%|\!\"/i >>score Test_01 4.0 >>describe Test_01 Test remove asterisk for URL spams >> >> >>Pretty simple. just add in the characters as you see them e.g. |/^ >> >>Untested on mass and what will inevitably a high maintenance rule as >>the Remove portion of the mails change... but it works >> >>Kind regards >> >>Nigel > > >err |\^ > >It's early - not very awake yet :-D and oops #2 the | doesn't work as expected :-/ This does tho... > >body Test_01 /remove \"\*\"/i | /remove \"\%\"/i | /remove \"\!\"/i >score Test_01 4.0 >describe Test_01 Test remove asterisk for URL spams Watch for line breaks Not mass checked. lint's clean here. Feedback and/or suggestions appreciated. Kind regards Nigel
