You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Monnerie <mi...@it-management.at> on 2006/12/12 11:16:07 UTC

question to SARE_URI_EQUALS

I've got a false positive with

uri      SARE_URI_EQUALS          
m{^https?:?[/\\]{0,2}[^/\&?;]{1,100}=(?!(?:..)?$).*$}i

and would like to know if somebody could tell me what is looked for with 
this rule, or maybe one SARE ninja could optimise it?

I've put the original e-mail into http://zmi.at/x/adobe.txt
It's modified as I only got a forward of it, but that shouldn't be a 
problem I guess.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0676/846914666                        .network.your.ideas.
// PGP Key:        "curl -s http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2  9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net                 Key-ID: 0x55CBA4EE

Re: question to SARE_URI_EQUALS

Posted by Loren Wilton <lw...@earthlink.net>.

It's looking for an equal sign in the hostname/domain name, such as 
http://www.foo=bar.com/blah.
Offhand I don't see what it hit in the mail you have posted there, but 
something must have extracted a uri that had an equal sign in it.

There once was a version of the rule that used rawbody to check for this, 
but it would FP on stuff that was in QP format (such as your mail) that 
ended up with a wrapped URI.

        Loren