You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Duane Hill <d....@yournetplus.com> on 2007/03/30 04:05:28 UTC

Detecting Vulnerable Link

I'm trying to create a rule that will detect a vulnerable link within a 
message:

body     BADD_LINK /(?:href|src).*\.(?:bat|chm|dll|exe|lnk|pif|scr)["'\s>]/i
describe BADD_LINK Contains a link to a vulnerable file
score    BADD_LINK 0.1

Something isn't right because tests show nothing is being detected. It 
could be too, I'm not looking at something right.

Re: Detecting Vulnerable Link

Posted by Loren Wilton <lw...@earthlink.net>.

First thing I'd do would be to use a uri rule instead of a body rule.

----- Original Message ----- 
From: "Duane Hill" <d....@yournetplus.com>
To: <us...@spamassassin.apache.org>
Sent: Thursday, March 29, 2007 7:05 PM
Subject: Detecting Vulnerable Link


>
> I'm trying to create a rule that will detect a vulnerable link within a 
> message:
>
> body     BADD_LINK 
> /(?:href|src).*\.(?:bat|chm|dll|exe|lnk|pif|scr)["'\s>]/i
> describe BADD_LINK Contains a link to a vulnerable file
> score    BADD_LINK 0.1
>
> Something isn't right because tests show nothing is being detected. It 
> could be too, I'm not looking at something right.