[SURBL-Discuss] More spams with Zdnet redirector
Bill Landry
billl at pointshare.com
Sat Apr 9 18:56:31 CEST 2005
----- Original Message -----
From: "Daryl C. W. O'Shea" <spamassassin at dostech.ca>
> Raymond Dijkxhoorn wrote:
>> Hi!
>>
>>>>>> full PROLO_REDIR_ZDNET_CHECK_1 /http:\/\/.*chkpt.zdnet.com\/chkpt/
>>>>>> score PROLO_REDIR_ZDNET_CHECK_1 8.0
>>>>>> describe PROLO_REDIR_ZDNET_CHECK_1 PROLO_REDIR-ZDNET CHECK_1_2_3,
>>>>>> Body
>>
>>> Your rule above, using uri instead of full, works under both 3.0 and 3.1
>>> (and probably older versions).
>
>> So how would it look like? I have no problem replacing it with a less CPU
>> exhausting model ;)
>
> The exact same regex above would work as a uri test. Though, you might
> want to use:
>
> uri PROLO_REDIR_ZDNET_CHECK_1 /^http:\/\/.*chkpt\.zdnet\.com\/chkpt/
>
> ...and to more closely match the zdnet redirector...
>
> uri PROLO_REDIR_ZDNET_CHECK1 /^http:\/\/chkpt\.zdnet\.com\/chkpt\//
Just curious why you would require the URI start at the beginning of the
line? Why not simply:
uri PROLO_REDIR_ZDNET_CHECK1 /http:\/\/chkpt\.zdnet\.com\/chkpt\//
Without the caret "^", so the URI can show up anywhere within a line?
Bill
More information about the Discuss
mailing list