You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/01/19 02:04:55 UTC
[Bug 2947] New: RFE: Test to catch invalid HTML Obfuscation
http://bugzilla.spamassassin.org/show_bug.cgi?id=2947
Summary: RFE: Test to catch invalid HTML Obfuscation
Product: Spamassassin
Version: 2.62
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: spamassassin-dev@incubator.apache.org
ReportedBy: cgrady@the-magi.us
I've been getting a lot of spam emails recently that try to sneak by spam
filters by adding a lot of </randomword> invalid tags inside their message.
Examples:
<p>Ban</recovery>ned C</yardstick>D Gov</spacecraft>ernment d</aesthetic>on't
wan</lanky>t m</delia>e t</kittle>o s</bureaucratic>ell i</simplex>t.
Se</hedgehog>e N</sonority>ow _</p>
<p>Fr</copperas>ee Ca</erasure>bleTV!N</elsewhere>o mo</on>re
p</selfridge>ay!%RND_SYB</p>
The second example also brings up another request, but that'll go in another
bug, if it isn't already reported.
Anyway, I wrote my own test in local.cf that catches these so I thought I'd
share it as a possible addition.
rawbody HTML_OBFUSCATION /([\w\s!%]{2,}<\/[\w]+>){3,}/
describe HTML_OBFUSCATION Cra</foo>p Li</bar>e Th</baz>is
I noticed in another bug that you were trying to get away from rawbody tests,
but I figured this could still be helpful.
This could also be restricted a bit by forcing it to match inside of <p> and
</p>, as all the ones I've seen so far have had that wrapping it, but all it
would take is spammers removing the <p></p> and it would bypass it.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.