We've been getting a ton of spam recently that consists only of a single
sexually explicit link description to an innocuous URI. Here's one of the
least offensive examples. Most are very crude.
<div><a
href="http://prayerdancing.ru/15e595b9214bde2904c39f044cc4ec5a/arQE.html";>Anime
cartoon slut gets censored hardcore</a></div>
I've written a rule which fires on this content - at least the regex works in
my regex testing tool.
body SEX_IN_URI
/href.{0,100}(various|sexually|explicit|target|words|here|censored|etc)/i
describe SEX_IN_URI Sexually explicit wording in href
It doesn't seem to be working in Spamassassin (3.3.2, Perl 5.10.1, Scientific
Linux 6.2). Can anyone tell me if I have the syntax wrong? Or does a body
test not look into HTML?
