jhardin-impsec commented on PR #20:
URL: https://github.com/apache/spamassassin/pull/20#issuecomment-3444690113
Are there any valid ten-digit phone number formats or cultures where an
underscore is allowed or expected as a separator? I would think that using an
underscore as a separator _is_ likely an attempt to obfuscate a phone number
against naïve pattern matching because a dash is much more likely.
I've seen periods as separators _fairly_ frequently, might also want to work
in exclusion of `\d{3}\.\d{3}\.\d{4}`
As long as we're modifying this rule, I'd suggest that the `+` and `*`
should be replaced with bounded repetition counts like `{1,30}` and `{,30}` to
avoid runaway backtracking failures or overly-aggressive false detection of
things that don't even _look_ like a phone number.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
