rule which bgcolor is not white?

[sb ch <ch...@hotmail.com>]

Hello, all.

I think that html mail which bgcolor is not white is probably spam.
So I made a rule like this.
this rule is right?

body   __BODY_XXXX_BGCOLOR     /bgcolor/i
body   __BODY_XXXX_BGCOLOR2    /white/i || /FFFFFF/i
meta     XXXX_IMAGE_BGCOLOR   (__BODY_XXXX_BGCOLOR && 
!__BODY_XXXX_BGCOLOR2)
score    XXXX_IMAGE_BGCOLOR   4

Please recommed better rule.

and html mail which image border is not 0 is probably spam too. 
How can I make this rule?


Thanks in advance for your help.

_________________________________________________________________
확인하자. 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드   
http://www.msn.co.kr/fortune/default.asp  

Re: rule which bgcolor is not white?

[Jesse Houwing <j....@rulesemporium.com>]

sb ch wrote:

> Hello, all.
>
> I think that html mail which bgcolor is not white is probably spam.
> So I made a rule like this.
> this rule is right?
>
> body   __BODY_XXXX_BGCOLOR     /bgcolor/i
> body   __BODY_XXXX_BGCOLOR2    /white/i || /FFFFFF/i
> meta     XXXX_IMAGE_BGCOLOR   (__BODY_XXXX_BGCOLOR && 
> !__BODY_XXXX_BGCOLOR2)
> score    XXXX_IMAGE_BGCOLOR   4
>
> Please recommed better rule.
>
> and html mail which image border is not 0 is probably spam too. How 
> can I make this rule?

There are meta rules in the next version of sare_html (ruleset 1) that 
check for white and near white colors:

rawbody   __SARE_LIGHT_FG_COLOR 
/[^\-a-z]color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?![\s\'\"])(?:\#?(?!ffffff|fff\W)(?:[e-f]{3}\W|(?:[e-f][0-9a-f]){3})|rgb(?:\((?!\s*255\s*,\s*255\s*,\s*255)\s*2[2-5][0-9]\s*,\s*2[2-5][0-9]\s*,\s*2[2-5][0-9]\s*\)|\((?!\s*100\s*%\s*,\s*100\s*%\s*,\s*100\s*%)\s*(?:100|9[0-9]|8[6-9])\s*%\s*,\s*(?:100|9[0-9]|8[6-9])\s*%\s*,\s*(?:100|9[0-9]|8[6-9])\s*%\s*\))|(?:Light(?:Cyan|Yellow)|(?:Ghost|Floral)White|WhiteSmoke|LemonChiffon|AliceBlue|Cornsilk|Seashell|Honeydew|Azure|MintCream|Snow|Ivory|OldLace|LavenderBlush|Linen|MistyRose))/i
rawbody   __SARE_WHITE_FG_COLOR 
/[^\-a-z]color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?![\s\'\"])(?:\#?fff\W|\#?ffffff|rgb(?:\(\s*255\s*,\s*255\s*,\s*255\s*\)|\\s*100\s*%\s*,\s*100\s*%\s*,\s*100\s*%\s*\))|white)/i
rawbody   __SARE_DARK_FG_COLOR  
/[^\-a-z]color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?![\s\'\"])(?:\#?(?!000000|000\W)(?:[01]{3}\W|(?:[01][0-9a-f]){3})|rgb(?:\((?!\s*0\s*,\s*0\s*,\s*0\D)\s*[0-3]?[0-9]\s*,\s*[0-3]?[0-9]\s*,\s*[0-3]?[0-9]\s*\)|\((?!\s*0\s*%\s*,\s*0\s*%\s*,\s*0\s*%)\s*(?:[1-3]?[0-9])\s*%\s*,\s*(?:[1-3]?[0-9])\s*%\s*,\s*(?:[1-3]?[0-9])\s*%\s*\)))/i
rawbody   __SARE_BLACK_FG_COLOR 
/[^\-a-z]color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?![\s\'\"])(?:\#?000\W|\#?000000|rgb\s*\(\s*0\s*,\s*0\s*,\s*0\s*\)|rgb\s*\(\s*0\s*%\s*,\s*0\s*%\s*,\s*0\s*%\s*\)|black)/i

rawbody   __SARE_LIGHT_BG_COLOR 
/(?:bg|background\-)color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?:\#?(?!ffffff|fff\W)(?:[e-f]{3}\W|(?:[e-f][0-9a-f]){3})|rgb(?:\((?!\s*255\s*,\s*255\s*,\s*255)\s*2[2-5][0-9]\s*,\s*2[2-5][0-9]\s*,\s*2[2-5][0-9]\s*\)|\((?!\s*100\s*%\s*,\s*100\s*%\s*,\s*100\s*%)\s*(?:100|9[0-9]|8[6-9])\s*%\s*,\s*(?:100|9[0-9]|8[6-9])\s*%\s*,\s*(?:100|9[0-9]|8[6-9])\s*%\s*\))|(?:Light(?:Cyan|Yellow)|(?:Ghost|Floral)White|WhiteSmoke|LemonChiffon|AliceBlue|Cornsilk|Seashell|Honeydew|Azure|MintCream|Snow|Ivory|OldLace|LavenderBlush|Linen|MistyRose))/i
rawbody   __SARE_WHITE_BG_COLOR 
/(?:bg|background\-)color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?:\#?fff\W|\#?ffffff|rgb(?:\(\s*255\s*,\s*255\s*,\s*255\s*\)|\(\s*100\s*%\s*,\s*100\s*%\s*,\s*100\s*%\s*\))|white)/i
rawbody   __SARE_DARK_BG_COLOR  
/(?:bg|background\-)color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?:\#?(?!000000|000\W)(?:[01]{3}\W|(?:[01][0-9a-f]){3})|rgb(?:\((?!\s*0\s*,\s*0\s*,\s*0\D)\s*[0-3]?[0-9]\s*,\s*[0-3]?[0-9]\s*,\s*[0-3]?[0-9]\s*\)|\((?!\s*0\s*%\s*,\s*0\s*%\s*,\s*0\s*%)\s*(?:[1-3]?[0-9])\s*%\s*,\s*(?:[1-3]?[0-9])\s*%\s*,\s*(?:[1-3]?[0-9])\s*%\s*\)))/i
rawbody   __SARE_BLACK_BG_COLOR 
/(?:bg|background\-)color\s*(?::|=(?:3d)?(?!3d))[\s\'\"\#]*(?![\s\'\"])(?:\#?000\W|\#?000000|rgb\s*\(\s*0\s*,\s*0\s*,\s*0\s*\)|rgb\s*\(\s*0\s*%\s*,\s*0\s*%\s*,\s*0\s*%\s*\)|black)/i

rawbody   __SARE_HAS_BG_COLOR    /(?:bg|background\-)color\s*(?::|=)/i
rawbody   __SARE_HAS_FG_COLOR    /[^\-a-z]color\s*(?::|=)/i

Watch the wrapping! These should help.

Example rules that would work with these are:

meta      SARE_HTML_CLR_L_ON_W     ( __SARE_LIGHT_FG_COLOR ) && 
!__SARE_WHITE_FG_COLOR && !__SARE_BLACK_BG_COLOR
score     SARE_HTML_CLR_L_ON_W     1.666
describe  SARE_HTML_CLR_L_ON_W     Light color on a white background

meta      SARE_HTML_CLR_L_ON_L     ( __SARE_LIGHT_FG_COLOR && 
__SARE_LIGHT_BG_COLOR )
score     SARE_HTML_CLR_L_ON_L     1.666
describe  SARE_HTML_CLR_L_ON_L     Light color on a light background

Jesse
SARE Ninja
http://www.rulesemporium.com

Re: rule which bgcolor is not white?

[Loren Wilton <lw...@earthlink.net>]

> I think that html mail which bgcolor is not white is probably spam.
> So I made a rule like this.

This rule will hit A LOT of normal HTML ham for most people, so it would be
a good idea to score it much lower.

While the rules you write are syntactically correct, they will probably hit
a whole lot of things you do not want them to hit, and will also probably
miss exactly what you are looking for.

You want to find the word 'bgcolor' within a tag, not within the body of the
formatted message.  So you would have to look in 'rawbody' rather than
'body' to find it there.

Also, you are not checking to see if the word is enclosed in a tag.  SO this
message would get a hit on the bgcolor rule, because the word occurs in
text.

You are also checking for other words like 'white', but you are not checking
if they are in the same tag with bgcolor.  So again, this message will
trigger your meta, because both bgcolor and white appear in the message.  In
fact <bgcolor=#000000> <fontcolor=white> will trigger your test.

Rather than trying to make this rule correct, which will take a number of
attempts, go over to www.rulesemporium.com and pick up some of the rule
sets.  We have some that check both background and foreground colors and
will give high scores if both colors are the same or nearly the same.  If
you really want to score just a colored background high, I believe you could
just change the score on some of our rules.

        Loren