| No, but I've had the following rule in my bogus-virus-warnings SpamAssasin
| ruleset since earlier today; I guess you could drop the regex into the
| DATA ACL equally well:
Like this:
deny condition = ${if match{$h_X-Priority:}{3}{yes}{no}}
condition = ${if match{$message_body}{<OBJECT STYLE=\"display:none\" *\
DATA=\"http:\/\/[0-9\.]+:81\/[0-9]+\.php\">} {yes} {no}}
The test of X-Priority header is meant to allow discussion of the recipe.
Note we've seen some with 2 spaces before the "DATA".
Chris
--
Chris Edwards, Glasgow University Computing Service
