You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/11/15 22:01:03 UTC

[Bug 6866] New: Unicode normalization allows evasion of URIBL checks

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6866

          Priority: P2
            Bug ID: 6866
          Assignee: dev@spamassassin.apache.org
           Summary: Unicode normalization allows evasion of URIBL checks
          Severity: normal
    Classification: Unclassified
                OS: Linux
          Reporter: md@linux.it
          Hardware: PC
            Status: NEW
           Version: 3.3.2
         Component: Libraries
           Product: Spamassassin

This kind of URI is valid and recognized by browsers and other software, but
URIBL checks miss it due to the double-width dot:

www。dbltest。com

I have seen this trick in the wild, used by spammers.

Dump:

00000000  77 77 77 e3 80 82 64 62  6c 74 65 73 74 e3 80 82  |www...dbltest...|
00000010  63 6f 6d 0a                                       |com.|


I tried these rule as a workaround, but they do not work for me:

body     URI_DWDOT              m|\xe3\x80\x82|
body     URI_DWDOT              m|。|

-- 
You are receiving this mail because:
You are the assignee for the bug.