On Thu, 17 Dec 2015, Axb wrote:
On 12/17/2015 10:38 PM, John Hardin wrote:
And this in my sandbox, with a different pattern:
uri __GOOG_MALWARE_DNLD
m;^https?://[^/]*\.google\.com/[^?]*url\?.*[\?&]download=1;i
I will broaden that a bit.
could you make a version using redirector_pattern so the redirected target
can be looked up via URIBL plugin?
Whoops! Sure, I will do that.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
8 days until Christmas