I've been trying to catch some really pesky spam from .RU that contain links in this format:
http://username.somedomain.ru/?53245abunchofnumbers342342
I've been trying to inspect them using text patterns ('http.*\.ru/\?') but it doesn't seem Exchange 2013 will even touch HTML formatted email content. I've even attempted to create a rule that just looks for "http" in the email and they still get past the rule. Is there an option I need to turn on in Exchange to actually inspect these types of emails? Maybe a different condition I need to set? This has been driving mecrazy for the last few weeks. Please, any help is appreciated.