spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gregorie <mar...@gregorie.org>
Subject Re: Custom rule problem
Date Tue, 31 Jan 2017 20:20:55 GMT
On Tue, 2017-01-31 at 11:53 -0800, John Hardin wrote:
> On Tue, 31 Jan 2017, Zinski, Steve wrote:
> 
> > Here’s the “view source” of the message in question.
> >
> > http://pastebin.com/AnwkAf9t
> >
> > Again, it’s line 88 that I’m trying to match.
> 
> ...let's try this again...
> 
> A uri rule hits that here:
> 
> Jan 31 09:21:07.423 [21842] dbg: rules: ran uri rule __ALL_URI
> ======> got hit: "http://trc.spam_domain_redacted.com/redirect.php?em
> ail=redacted@uronline.net"
> 
> It also hits an existing rule:
> 
> Jan 31 09:21:07.525 [21842] dbg: rules: ran rawbody rule __BUGGED_IMG
> ======> got hit: "<img src="http://trc.spam_domain_redacted.com/redir
> ect.php?email=re"
> 
Like John, the text you posted hits one of my private rules when fed
through my rule testing and development environment. This is a metarule
that fires if a URI subrule finds a PHP script reference OR a BODY
subrule finds a PHP script reference preceded and followed by O-32 non-
whitespace characters.

So, questions:

- how did you capture the text you posted, 
  i.e. is it exactly the same as SA would have seen?

- did you restart SA before running each of the tests you describe?
  Every so often I forget that and then waste time with head scratching
  until I remember to restart SA. 


Martin


Mime
View raw message