Re: Regex help (targetting very long HTML comments)

Adam Katz wrote:
> % grep html_text_match..comment 20_html_tests.cf

I hadn't known about that function until I saw Henrik's replies last
week, so it would have been hard to search for it.

> Any more that 512 chars isn't going to be helpful but will end up being
> computationally expensive (I've played with this idea). Also, I'd say
> this is more of a ham indicator than a spam indicator.

*shrug* I happen to be getting a wave of ~400K spams that consist of
about 1K of real HTML tags, loading the spam content via image from a
remote server, with the remainder of that 400K message consisting of
maybe four *very* long HTML comments (50K+) with nothing but gibberish
(groups of ~4-8 words, separated by /, ;, # and occasionally some other
symbol).

I've also seen gobs of mail with ~5K of CSS in an HTML comment - mostly
from Outlook. *eyeroll*

These are most of what's still getting through to *my* inbox, but with
~50K users I'd assume they're hitting other people as well.
Unfortunately, as an ISP sysadmin, my ability to get useful, timely
feedback from a high proportion of the userbase is... limited.

-kgd

• This message: [ Message body ]
• Next message: Thomas Johnson: ""Pill" spams"
• Previous message: Mariusz Kruk: "Re: Flag mail from certain country codes."
• In reply to: Adam Katz: "Re: Regex help (targetting very long HTML comments)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]