You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jeff Chan <je...@surbl.org> on 2006/11/18 05:42:49 UTC
URI obfuscation that confuses SA
It seems that the particular URI obfuscation in:
http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt
successfully confuses SpamAssassin 3.1.6 into not detecting the
SURBL blacklisted URI.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: URI obfuscation that confuses SA
Posted by Matt Kettler <mk...@verizon.net>.
Jeff Chan wrote:
> It seems that the particular URI obfuscation in:
>
> http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt
>
> successfully confuses SpamAssassin 3.1.6 into not detecting the
> SURBL blacklisted URI.
>
Does that even work as a link? Doesn't seem to work in firefox or IE for
me..
Re: URI obfuscation that confuses SA
Posted by "John D. Hardin" <jh...@impsec.org>.
On Fri, 17 Nov 2006, Jeff Chan wrote:
> It seems that the particular URI obfuscation in:
>
> http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt
>
> successfully confuses SpamAssassin 3.1.6 into not detecting the
> SURBL blacklisted URI.
How about a rule that adds points for a link with no quotes around the
URI? That can't be too common in legitimate mail.
You could also add points for a URI with no dots in the "hostname"
part.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
[Small arms] are fundamentally dangerous and their removal from the
equation either by control, neutralisation or removal is essential.
The first step is to gain information on their numbers and
whereabouts. -- the UN, who "doesn't want to confiscate guns"
-----------------------------------------------------------------------