You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/02/26 18:10:12 UTC

[Bug 3092] New: URI Rules don't recognize addresses unless http is in all lower-case letters

http://bugzilla.spamassassin.org/show_bug.cgi?id=3092

           Summary: URI Rules don't recognize addresses unless http is in
                    all lower-case letters
           Product: Spamassassin
           Version: 2.63
          Platform: Other
        OS/Version: FreeBSD
            Status: NEW
          Severity: minor
          Priority: P4
         Component: Rules
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: sandys@boreal.org


I've recently started receiving spam messages which refer to a web site like 
this:
htTP://mrfwl.fdfdt5.com/gp/defaULt.asP?id=rM
hTTp://pqgru.12wmeds.com/gP/DEfAuLt.asp?id=RM

I added a custom URI rule to my local.cf file to catch these:
uri MY_SPAMMER_URL /\b(?:(12wmeds|fdfdt5)\.com)/i
score MY_SPAMMER_URL 10

However, this rule is not triggered by these spam messages.  I tried manually 
editting the spam message so the website address started with http rather than 
htTP or hTTp, and ran it through spamassassin again.  This time my custom rule 
was triggered.

Conclusion: The uri rule doesn't recognize something as a URI unless it begins 
with http in all lower-case letters.  I believe this should be fixed so that 
URI rules recognize addresses starting with http in lower, upper or mixed-case 
letters. This can be worked around using a body rule rather than a uri rule, 
but I understand body rules are less efficient.  If spammers catch onto this it 
will render custom rule sets such as BigEvil ineffective, since they use uri 
rules.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.