Yes... I might implement your approach if we start getting too
many false positives. I'd refine it a bit though, at least like
but then I'm not sure whether there may be other ways for invoking
Tim Pierce <firstname.lastname@example.org> wrote:
> On Fri, Jun 01, 2001 at 01:00:40AM +0200, Norbert Bollow wrote:
> > Here is a new type of possible malware that is not stopped by
> > standard demime/attachment stripping.
> > I have just added a check for the regular expression
> > /https?:\S*(%3a|\:)(%2f|\/)(%2f|\/)/i
> I would probably use this instead:
> Legitimate redirector URLs will include strings like %2F%2F.
> appear inside a benign message.
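
The check quoted above, run over a few message lines to show what it flags, including the redirector-style URLs mentioned in the reply. This is an added example, not part of the original thread or of any list software; it is written in Python rather than the Perl-style syntax of the message, and the sample lines, host names and the scan_lines helper are constructed for illustration.

```python
import re

# The check quoted in the message, transcribed from Perl /.../i syntax.
# "\:" and "\/" need no escaping in Python, so they appear as ":" and "/".
EMBEDDED_URL = re.compile(r"https?:\S*(%3a|:)(%2f|/)(%2f|/)", re.IGNORECASE)

# Constructed message body; every host name is a reserved example domain.
SAMPLE_LINES = [
    "Plain link: http://www.example.org/index.html",
    "Encoded: http://redirect.example.com/go?url=http%3A%2F%2Fwww.example.net%2Fpage",
    "Literal: https://redirect.example.com/go?url=http://www.example.net/page",
    "Mixed case: HTTP://redirect.example.com/go?to=HTTPS%3a%2f%2Fwww.example.net",
    "No URL here, just a ratio 3:2 and a path //tmp",
]

def scan_lines(lines):
    """Return one dict per flagged URL: line number, matched text, and
    whether the embedded "://" was percent-encoded (fully or partly)."""
    hits = []
    for number, line in enumerate(lines, 1):
        for m in EMBEDDED_URL.finditer(line):
            encoded = any(part.startswith("%") for part in m.groups())
            hits.append({"line": number, "match": m.group(0), "encoded": encoded})
    return hits

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LINES):
        kind = "percent-encoded" if hit["encoded"] else "literal"
        print(f"line {hit['line']}: {kind} embedded URL in {hit['match']}")
```

The "encoded" flag separates the %2F%2F form from the literal "://" form, which makes it easier to count how often each one turns up in benign mail before tuning the check.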