You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/01/04 15:05:55 UTC

[Bug 7877] New: Regex rawbody __WORD_INVIS and __FONT_INVIS issues

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

            Bug ID: 7877
           Summary: Regex rawbody __WORD_INVIS and __FONT_INVIS  issues
           Product: Spamassassin
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: major
          Priority: P2
         Component: spamassassin
          Assignee: dev@spamassassin.apache.org
          Reporter: mst@heimdalsecurity.com
  Target Milestone: Undefined

Hi,

We have identified an issue with __WORD_INVIS and __FONT_INVIS regex on color:
transparent.
Due to this current regex, it also matches 'background-color:transparent', we
are getting high spam score due to this 6 if both tags.

rawbody   __WORD_INVIS                 
/<(?!style)[a-z]+\s[^>]{1,80}(?:font(?:-size)?\s*:\s*(?:0*[01](?:\.\d+)?(?:px|pt|Q|vw|vh|vmin)|0+(?:\.\d+)?(?:cm|mm|in|pc|em|ex|ch|rem|lh|vmax))\s*[;'a-z]|color\s*:\s*transparent\s*[;'])[^>]{0,80}>\w{1,20}</i

  rawbody   __FONT_INVIS                 
/<(?!style)[a-z]+\s[^>]{1,80}(?:font(?:-size)?\s*:\s*(?:0*[01](?:\.\d+)?(?:px|pt|Q|vw|vh|vmin)|0+(?:\.\d+)?(?:cm|mm|pc|ch|rem|lh|vmax|%)|0+(?:\.0\d*)(?:em|ex|in))(?:\s[a-z]|\s*[;'])|color\s*:\s*transparent\s*[;'])[^>]{0,80}>\w/i

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7877] Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

John Hardin <jh...@impsec.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from John Hardin <jh...@impsec.org> ---
Rule discrimination improved

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7877] Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

--- Comment #3 from John Hardin <jh...@impsec.org> ---
Sending        svn/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Transmitting file data .done
Committing transaction...
Committed revision 1885117.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7877] Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

John Hardin <jh...@impsec.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jhardin@impsec.org

--- Comment #1 from John Hardin <jh...@impsec.org> ---
Can you please attach a complete (all message headers intact) email that
demonstrates this problem?

Thanks.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7877] Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

Marius Stratulat <ms...@heimdalsecurity.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mst@heimdalsecurity.com

--- Comment #2 from Marius Stratulat <ms...@heimdalsecurity.com> ---
Hi John,

I cannot attach the complete email due to privacy.
It can be easy reproduce using this example:

<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test1</span></li></ul>
<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test2</span></li></ul>
<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test3</span></li></ul>
<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test4</span></li></ul>
<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test5</span></li></ul>
<span
style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test6</span></li></ul>

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7877] Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7877

--- Comment #5 from Marius Stratulat <ms...@heimdalsecurity.com> ---
Thanks for the quick fix. Have a nice day.

-- 
You are receiving this mail because:
You are the assignee for the bug.