Simple example:
body REMOVE_OBFUSCATE
/(Rem(o|0)ve|Delete).{0,10}y(o|0)ur.{0,10}(e[-]?mai(l|1)|address)/i
describe REMOVE_OBFUSCATE Remove y0ur e-mail
Above, this pattern will match (among other things):
Remove your e-mail
Rem0ve y0ur e-mai1
where the second string has been obfuscated by replacing 'o' with '0' and
'l' with '1'.
Let's say that I think the odds of a spam are higher if the obfuscated form is
used, than when the regular form is used. Can you suggest a way to modify this
pattern
so that the pattern only matches obfuscated uses? Note: to meet my definition
of
obfuscated, only one of the substitutions above must appear. For example,
Remove y0ur e-mail
will suffice as an obfuscated form of "Remove your e-mail".
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
