Hi,
I'm getting a bit of HTML spam with lines like
right" face=Arial> w </FONT>
To catch this style of obfuscation, I did two rules,
being unsure how to escape the carets:
rawbody htmlobscu1 /\>\s*\w\s*\<\//
rawbody htmlobscu2 />\s*\w\s*<\//
both with scores and descriptions of course. But neither
rule seems to be hitting. What am I doing wrong?
Regs,
Sven
----------------------------------------------
BAGHUS GmbH
EDV und Internetdienstleistungen
Staffelseestrasse 2
81477 München
Tel.: +49 (0) 89 / 5 48 01 66 - 0
Fax.: +49 (0) 89 / 5 48 01 66 - 99
www.baghus.net, info@baghus.net
HRB: 144283, USt-IdNr: DE224865405
----------------------------------------------
BAGHUS Anti-Spam Support Bundle
Informationen unter: www.baghus.net/antispam
|