Hi all,
Me happy :-D
It works as expected for simple rules.
For example, to get rid off my problem with youtube links I had this
simple rule:
uri_detail Z_URIDETAIL_UTUBE_SPOOF raw !~ /youtube\./ text =~
/(https?://)?(www\.)?youtube\./ type =~ /^a$/
score Z_URIDETAIL_UTUBE_SPOOF 10.0
This is working great on my small FNs and FPs corpus. Very interesting
infos when runing debug mode, letting you know precisely what is
compiled and what matches.
Note the regex in "text" part, wich should prevent a false positive on
link like:
<html>Hey my friend, check out my <a href=3D"http://www.youtube.com/wa=
tch?v=3D3VvOFqaHbL5&">personal videos</a></B><BR></html>
For the moment, faked links are detected, valid one are not. Even when
adding a valid link in a spammy e-mail it works, letting me great hope
for "basic" detection of phishes (bank accounts).
I will develop some rules for my particular spams, including banks.
Those could be added to SA corpus I think, to catch verry short spams
(one liners with fake URI)
I will also try to see if more complex rules are working. Of course,
I'll let the list know if I'm successful or not.
Alex, from prypiat.
Yes, I recycle.
On 12-09-26 06:48 AM, Axb wrote:
> On 09/26/2012 12:46 PM, Martin Gregorie wrote:
>> On Wed, 2012-09-26 at 12:05 +0200, Axb wrote:
>>> have you looked at the URIDetail plugin ?
>>>
>> I didn't know it existed until now, but it looks useful. It looks as if
>> it can easily solve the OP's problem too.
>>
>> Martin
>
>
> If you could create a couple of (working) sample rules, we could add
> to SA documentation and to the SA ruleset (for masscheck)
>
> Thanx
>
> Axb
>
