I'm attaching the original spam message as is (in Outlook .msg format). You'll be able to see my SA full report in the headers. I don't think it would matter much because in my posting here I put the original HTML HREF tag that includes the URI that should be caught.
On 8/29/05, Craig McLean <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Daryl C. W. O'Shea wrote: > | Craig McLean wrote: > | > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> 3.1.0-rc1 nailed it to the wall. > |> > |> Craig. > | <...> > |> domain > |> | 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL > |> blocklist > |> | [URIs: moonboard.info] > | > | Did you detect that with a redirector_pattern? I don't see that > | detected with a stock 3.1.0-rc1 here (no hint of it when SA is run with > | -Duri). > > This is stock 3.1.0-rc1 with some of the SARE rulesets. If you let me > have the original message you got (munged headers if necessary) I'll try > running the whole thing through, see what hits. > > Craig. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFDEvQiMDDagS2VwJ4RAjcTAKCkSBWvq48UJFbeUFI91T0ViUPvDwCfSWLT > M3yHQKY/7aLNhTYtIKyjN/M= > =AbUr > -----END PGP SIGNATURE----- > -- Ilan Aisic Registered Linux User 8124 http://counter.li.org
SPAM WSrks Good CIAOS VIAGRRe.msg
Description: Binary data