On 2022-02-08 at 04:28:16 UTC-0500 (Tue, 8 Feb 2022 01:28:16 -0800)
Loren Wilton <lwil...@earthlink.net>
is rumored to have said:
>> No, I added that after observing multiple spams with random garbage after
>> the closing HTML tag in the HTML body part. Presumably it was an attempt at
>> Bayes poison, checksum avoidance, or some other filter evasion technique.
>>
>> I'll tighten it up.
>
> FWIW, here is the rule I use. It obviously could be better, but I haven't
> noticed that it misfires.
>
> full __GOODEHTML1 m'</html>'i
>
> full __GOODEHTML2 m'</html>(?:\s|=0A){0,50}(?:$|--|=)'is # stop on mime
> ending boundary
TANGENTIAL:
I would advise against using such alternative regex syntax in rules. As you
obviously figured out, you CAN (for now...) use any valid Perl syntax for
writing a regex match, but I do not believe that we want to bless that as
something which will never break.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
