[SURBL-Discuss] More spams with Zdnet redirector

Bill Landry billl at pointshare.com
Sat Apr 9 18:56:31 CEST 2005

----- Original Message ----- 
From: "Daryl C. W. O'Shea" <spamassassin at dostech.ca>

> Raymond Dijkxhoorn wrote:
>> Hi!
>>>>>> full PROLO_REDIR_ZDNET_CHECK_1 /http:\/\/.*chkpt.zdnet.com\/chkpt/
>>>>>> score PROLO_REDIR_ZDNET_CHECK_1  8.0
>>>>>> Body
>>> Your rule above, using uri instead of full, works under both 3.0 and 3.1 
>>> (and probably older versions).
>> So how would it look like? I have no problem replacing it with a less CPU 
>> exhausting model ;)
> The exact same regex above would work as a uri test.  Though, you might 
> want to use:
> uri PROLO_REDIR_ZDNET_CHECK_1 /^http:\/\/.*chkpt\.zdnet\.com\/chkpt/
> ...and to more closely match the zdnet redirector...
> uri PROLO_REDIR_ZDNET_CHECK1 /^http:\/\/chkpt\.zdnet\.com\/chkpt\//

Just curious why you would require the URI start at the beginning of the 
line?  Why not simply:

uri PROLO_REDIR_ZDNET_CHECK1 /http:\/\/chkpt\.zdnet\.com\/chkpt\//

Without the caret "^", so the URI can show up anywhere within a line?


More information about the Discuss mailing list