You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/03/28 00:14:38 UTC

[Bug 4843] New: Possible bug in SA's URI parsing

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843

           Summary: Possible bug in SA's URI parsing
           Product: Spamassassin
           Version: 3.1.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: hutchib@cscoe.accenture.com


The attached iCalendar file was part of a message that triggered the
URIBL_WS_SURBL rule:

 2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: brain.com]

The actual domain in the .ics file is "workbrain.com", but "brain.com" is also
parsed by SpamAssassin's URI parsing, as a result of these problem lines ("cat
-vet" output):

 Inc.\N000.000.0000         Office\N000.000.0000         Cell\NAAAAAAA@work$
 brain.com\N \N <http://www.workbrain.com/>  <<ole1.bmp>> Enterprise soluti$

Note: In the attached .ics file, I replaced "A" and "0" with any potentially
sensitive character or number. Otherwise, the file is completely intact.

Is this a bug with the URI parser, or just an unfortunate problem with .ics files?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From jm@jmason.org  2006-03-28 11:05 -------
if common MUAs do not display the text/calendar parts inline, I'm +1 on ignoring it.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From felicity@apache.org  2006-08-13 00:18 -------
Created an attachment (id=3640)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3640&action=view)
suggested patch




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From hutchib@cscoe.accenture.com  2006-03-27 23:17 -------
Created an attachment (id=3435)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3435&action=view)
Triggers "URIBL_WS_SURBL". Note how SA's URI parsing finds ccenture.com and
brain.com.

Triggers "URIBL_WS_SURBL". Run through "spamassassin -D -t <
sanitized_ics_file" to see it parse "centure.com" and "brain.com".



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] [review] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Possible bug in SA's URI    |[review] Possible bug in
                   |parsing                     |SA's URI parsing
  Status Whiteboard|                            |needs 2 votes






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From spamassassin@dostech.ca  2006-03-30 06:08 -------
Ditto.  Checking text/anything that isn't displayed inline is bound to cause
problems.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From felicity@apache.org  2006-03-27 23:38 -------
Hrm.  Part of me wants to say "worksforme" since the text is parsed appropriately imo.  The other part of 
me says that we probably ought to skip text/calendar parts when finding the parts to render.

I don't think MUAs generally display the text/calendar parts inline, and I have 0 spam mails in my corpus 
which include a text/calendar part (checked Feb and Mar).

What are other people's thoughts?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.1.5






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] [review] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From felicity@apache.org  2006-08-20 21:19 -------
Sending        lib/Mail/SpamAssassin/Message.pm
Transmitting file data .
Committed revision 433052.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] [review] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #3640 is|0                           |1
           obsolete|                            |




------- Additional Comments From felicity@apache.org  2006-08-16 03:38 -------
Created an attachment (id=3654)
 --> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3654&action=view)
suggested patch 2

hrm.  I was just noticing that the last patch wasn't quite right. :(



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] [review] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843


sidney@sidney.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|needs 2 votes               |ready for commit




------- Additional Comments From sidney@sidney.com  2006-08-20 20:39 -------
+1



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4843] [review] Possible bug in SA's URI parsing

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4843





------- Additional Comments From jm@jmason.org  2006-08-20 19:39 -------
+1



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.