I'm getting a bit of HTML spam with lines like
right face=Arial w /FONT
To catch this style of obfuscation, I did two rules,
being unsure how to escape the carets:
rawbody htmlobscu1 /\\s*\w\s*\\//
rawbody htmlobscu2 /\s*\w\s*\//
Hmm... from the looks of it,
On Wed, Aug 30, 2006 at 08:21:00AM +0200, Sven Riedel wrote:
rawbody htmlobscu2 /\s*\w\s*\//
So in principle you don't need to escape the carets?
FWIW, you would have to escape carets (^) because it has a special
meaning in regular expression. However, and aren't carets and
you
Sven Riedel wrote:
Hi,
I'm getting a bit of HTML spam with lines like
right face=Arial w /FONT
To catch this style of obfuscation, I did two rules,
being unsure how to escape the carets:
rawbody htmlobscu1 /\\s*\w\s*\\//
rawbody htmlobscu2 /\s*\w\s*\//
both with scores and
