Hey Mike, > -----Original Message----- > From: MIKE YRABEDRA > Sent: Wednesday, November 19, 2003 8:55 AM > To: SPAMASSASSIN > Subject: Re: [SAtalk] <font color="#FFFFFF"> > > > on 11/17/03 3:13 PM, Michael Weber at [EMAIL PROTECTED] wrote: > > > I've had a rule filtering out that font color for several > > > months with no complaints. I tag it with the description "Spammers > > favorite color" > > ;-) > > > Is this the proper way to do this? > > body WHITE_FONT /font color=\"#ffffff\"/i > describe WHITE_FONT Uses White Font Tag > score WHITE_FONT 5.000
The body check will preprocess the message and remove the HTML tags. I would suggest the rawbody test. My test looks like: describe MY_RBDY_INVSTXT MY: Invisible text color rawbody MY_RBDY_INVSTXT /<font\s?.* color=("?\#?FFFFF[0-9A-F]"?|"?white"?).*>/i score MY_RBDY_INVSTXT 2.0 The class [0-9A-F] will catch a spammer trying to obfuscate the white font with near white shades. I don't know if the rawbody line will wrap or not. Outlook tends to munge long lines. There should be *no* wraps (line breaks) in the lines. This test will produce minor FPs on some solicited advertising like Travelocity.com notifications and the like. It will also produce some FPs on some of those usless jokes relatives tend to send. ;) Sometimes they will use something like a blue background with white lettering. However, the FPs on the test occur no where near as often as spam. A great source for rules is: http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm --Larry ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk