You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/03 15:05:33 UTC

[Bug 4386] New rule suggestion: detect mismatched URIs and onMouseOver

http://bugzilla.spamassassin.org/show_bug.cgi?id=4386





------- Additional Comments From dpoon@ocf.berkeley.edu  2005-06-03 06:05 -------
I'd like to suggest this regex as a starting point for a rule:

/\<\s*a\b[^>]*\bhref\s*=\s*"?http(s?:\/\/[^\s">]+)[^\s">]*\>\s*(?:<(?!\/a\b)[^>]*>)*\s*http(?!\1)/i


The onmouseover status is harder to catch.  I've also seen phish attempts of the form
  <form action="http://realurl">
    <input type="submit" value="http://displayurl">
  </form>

To catch that case, I propose this rule:

/\<\s*form\b[^>]*\baction="?http(s?:\/\/[^\s">]+)[^\s">]*\>\s*(?:<(?!\/form\b)[^>]*>)*\s*\<
\s*input\b[^>]*value\s*=\s*"?http(?!\1)/i



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.