Am 03.11.2014 um 22:55 schrieb John Hardin:
On Mon, 3 Nov 2014, Quanah Gibson-Mount wrote:--On November 3, 2014 at 7:52:10 AM -0800 John Hardin <jhar...@impsec.org> wrote:On Mon, 3 Nov 2014, Reindl Harald wrote: > in fact we can kill them all by a single rule and so extend it to future > filenames or foldernames > > uri RH_URI_MLW_ZEROHOUR > /\/(dropbox|googlebox|banking)\/(document|doc|invoice)\.php$/ > score RH_URI_MLW_ZEROHOUR 100 Adding a tuned version of this to my sandbox right now.Care to share the tuned version?My rule sandbox is publicly visible via the project SVN browser... http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/ But there are signs that this is too quickly-mutating for a standard rule maintained by sa-update to be useful
yes, but i guess reporting mutations in this thread after someone faces the next version could be a great improvment - the last 3 versions catched minutes later another messages to users here
signature.asc
Description: OpenPGP digital signature
