You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/03 15:05:33 UTC
[Bug 4386] New rule suggestion: detect mismatched URIs and onMouseOver
http://bugzilla.spamassassin.org/show_bug.cgi?id=4386
------- Additional Comments From dpoon@ocf.berkeley.edu 2005-06-03 06:05 -------
I'd like to suggest this regex as a starting point for a rule:
/\<\s*a\b[^>]*\bhref\s*=\s*"?http(s?:\/\/[^\s">]+)[^\s">]*\>\s*(?:<(?!\/a\b)[^>]*>)*\s*http(?!\1)/i
The onmouseover status is harder to catch. I've also seen phish attempts of the form
<form action="http://realurl">
<input type="submit" value="http://displayurl">
</form>
To catch that case, I propose this rule:
/\<\s*form\b[^>]*\baction="?http(s?:\/\/[^\s">]+)[^\s">]*\>\s*(?:<(?!\/form\b)[^>]*>)*\s*\<
\s*input\b[^>]*value\s*=\s*"?http(?!\1)/i
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.