spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <rwmailli...@googlemail.com>
Subject Re: Sexually explicit URI description test
Date Sat, 08 Jun 2013 14:10:17 GMT
On Sat, 8 Jun 2013 04:13:13 -0700
William Thackrey wrote:

> We've been getting a ton of spam recently that consists only of a
> single sexually explicit link description to an innocuous URI.
> Here's one of the least offensive examples.  Most are very crude.
> 
>     <div><a
> href="http://prayerdancing.ru/15e595b9214bde2904c39f044cc4ec5a/arQE.html">Anime
> cartoon slut gets censored hardcore</a></div>
> 
> I've written a rule which fires on this content - at least the regex
> works in my regex testing tool.
> 
>     body
> SEX_IN_URI  /href.{0,100}(various|sexually|explicit|target|words|here|censored|etc)/i
> describe SEX_IN_URI Sexually explicit wording in href
> 
> It doesn't seem to be working in Spamassassin (3.3.2, Perl 5.10.1,
> Scientific Linux 6.2).  Can anyone tell me if I have the syntax
> wrong?  Or does a body test not look into HTML?

The latter. I think what you need is a uri_detail test 

http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Plugin_URIDetail.html

Traditionally this would have been done with rawbody test, but it's
better to avoid those if possible.

Mime
View raw message