You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Monnerie <mi...@it-management.at> on 2006/12/12 11:16:07 UTC
question to SARE_URI_EQUALS
I've got a false positive with
uri SARE_URI_EQUALS
m{^https?:?[/\\]{0,2}[^/\&?;]{1,100}=(?!(?:..)?$).*$}i
and would like to know if somebody could tell me what is looked for with
this rule, or maybe one SARE ninja could optimise it?
I've put the original e-mail into http://zmi.at/x/adobe.txt
It's modified as I only got a forward of it, but that shouldn't be a
problem I guess.
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846914666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: question to SARE_URI_EQUALS
Posted by Loren Wilton <lw...@earthlink.net>.
It's looking for an equal sign in the hostname/domain name, such as
http://www.foo=bar.com/blah.
Offhand I don't see what it hit in the mail you have posted there, but
something must have extracted a uri that had an equal sign in it.
There once was a version of the rule that used rawbody to check for this,
but it would FP on stuff that was in QP format (such as your mail) that
ended up with a wrapped URI.
Loren