You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Duane Hill <d....@yournetplus.com> on 2007/03/30 04:05:28 UTC
Detecting Vulnerable Link
I'm trying to create a rule that will detect a vulnerable link within a
message:
body BADD_LINK /(?:href|src).*\.(?:bat|chm|dll|exe|lnk|pif|scr)["'\s>]/i
describe BADD_LINK Contains a link to a vulnerable file
score BADD_LINK 0.1
Something isn't right because tests show nothing is being detected. It
could be too, I'm not looking at something right.
Re: Detecting Vulnerable Link
Posted by Loren Wilton <lw...@earthlink.net>.
First thing I'd do would be to use a uri rule instead of a body rule.
----- Original Message -----
From: "Duane Hill" <d....@yournetplus.com>
To: <us...@spamassassin.apache.org>
Sent: Thursday, March 29, 2007 7:05 PM
Subject: Detecting Vulnerable Link
>
> I'm trying to create a rule that will detect a vulnerable link within a
> message:
>
> body BADD_LINK
> /(?:href|src).*\.(?:bat|chm|dll|exe|lnk|pif|scr)["'\s>]/i
> describe BADD_LINK Contains a link to a vulnerable file
> score BADD_LINK 0.1
>
> Something isn't right because tests show nothing is being detected. It
> could be too, I'm not looking at something right.