You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/10/10 10:33:02 UTC

[Bug 7252] New: charset=utf-16 tricks out SA

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252

            Bug ID: 7252
           Summary: charset=utf-16 tricks out SA
           Product: Spamassassin
           Version: 3.4.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: spamassassin
          Assignee: dev@spamassassin.apache.org
          Reporter: h.reindl@thelounge.net

Created attachment 5331
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5331&action=edit
sample message not hit body-rules

Content-Type: text/plain; charset=utf-16
Content-Transfer-Encoding: base64

no custom body rules hit like they do for ISO/UTF8

see attached sample and rule below as well as the mailing-list thread
https://www.mail-archive.com/users@spamassassin.apache.org/msg93804.html which
indicates that way one can also bypass bayes

body      CUST_BODY_17    /.*(1st page ranking of google|dear potencial
partner).*/i
score     CUST_BODY_17    1.0
describe  CUST_BODY_17    Contains Low
____________________________

bayes_path /var/lib/spamass-milter/.spamassassin/bayes
bayes_file_mode 0600
use_learner 1
use_bayes 1
use_bayes_rules 1
bayes_use_hapaxes 1
bayes_expiry_max_db_size 50000000
bayes_auto_expire 0
bayes_auto_learn 0
bayes_learn_during_report 0
bayes_learn_to_journal 1
bayes_token_sources all
normalize_charset 1

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7252] charset=utf-16 tricks out SA

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252

Reindl Harald <h....@thelounge.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |h.reindl@thelounge.net

--- Comment #3 from Reindl Harald <h....@thelounge.net> ---
thanks for pick that up - hopefully it will make it to releases

not that it's abused too much currently but it's some worth backdoor to bypass
bayes for spammers

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7252] charset=utf-16 tricks out SA

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252

--- Comment #2 from Richard Alloway <ri...@roguewave.com> ---
Created attachment 5400
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5400&action=edit
Proposed patch

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7252] charset=utf-16 tricks out SA

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252

Richard Alloway <ri...@roguewave.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |richard.alloway@roguewave.c
                   |                            |om

--- Comment #1 from Richard Alloway <ri...@roguewave.com> ---
I was able to replicate this issue and have created a patch to mitigate the
problem.

The patch attempts to detect the endianness of UTF16 encoded strings and assign
the appropriate decoder.

-Rich Alloway (RogueWave)

-- 
You are receiving this mail because:
You are the assignee for the bug.