Mailing List Archive: RE: [Dshield] Incredible spam obfuscation (from MIMEDefang maillist)

Is there a way to do a negated regex in an SA rule?

@strings = ('<A HREF="bananas.html">Click here to see my new house
pictures <img src="houseicon.gif"></A>',
'<A HREF="bananas.html"><img src="houseicon.gif"></A></A>',
'<A HREF="bananas.html"><img src="houseicon.gif"></A><A
HREF="bananas.html"><img src="houseicon.gif"></A>',
'<A HREF="bananas.html"></A>'
);

foreach $string (@strings) {
#here -- the !~
if ($string !~ /<A HREF=".*">?(.*)<.*><\/A>/i) {
print "matches\n $string\n";
} else {
print "doesn't match\n $string\n";
}
}

-----Original Message-----
From: Chris Thielen [mailto:cmt-spamassassin@someone.dhs.org]
Sent: Friday, February 20, 2004 10:21 AM
To: spamassassin-users@incubator.apache.org
Subject: RE: [Dshield] Incredible spam obfuscation (from MIMEDefang
maillist)

Steven Manross said:
> Isnt the answer really to catch the unclickable link...
>
> Namely,
>
> /<A HREF.*><\/A>/

FYI it would match thinggies like this:
<A HREF="bananas.html">Click here to see my new house pictures <img
src="houseicon.gif"></A>

--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases
(0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/