You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/11/15 22:01:03 UTC
[Bug 6866] New: Unicode normalization allows evasion of URIBL checks
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6866
Priority: P2
Bug ID: 6866
Assignee: dev@spamassassin.apache.org
Summary: Unicode normalization allows evasion of URIBL checks
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: md@linux.it
Hardware: PC
Status: NEW
Version: 3.3.2
Component: Libraries
Product: Spamassassin
This kind of URI is valid and recognized by browsers and other software, but
URIBL checks miss it due to the double-width dot:
www。dbltest。com
I have seen this trick in the wild, used by spammers.
Dump:
00000000 77 77 77 e3 80 82 64 62 6c 74 65 73 74 e3 80 82 |www...dbltest...|
00000010 63 6f 6d 0a |com.|
I tried these rule as a workaround, but they do not work for me:
body URI_DWDOT m|\xe3\x80\x82|
body URI_DWDOT m|。|
--
You are receiving this mail because:
You are the assignee for the bug.