Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/10/10 10:33:02 UTC
[Bug 7252] New: charset=utf-16 tricks out SA
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252
Bug ID: 7252
Summary: charset=utf-16 tricks out SA
Product: Spamassassin
Version: 3.4.1
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: spamassassin
Assignee: dev@spamassassin.apache.org
Reporter: h.reindl@thelounge.net
Created attachment 5331
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5331&action=edit
sample message not hit body-rules
Content-Type: text/plain; charset=utf-16
Content-Transfer-Encoding: base64
no custom body rules hit like they do for ISO/UTF8
see attached sample and rule below as well as the mailing-list thread
https://www.mail-archive.com/users@spamassassin.apache.org/msg93804.html which
indicates that way one can also bypass bayes
body CUST_BODY_17 /.*(1st page ranking of google|dear potencial partner).*/i
score CUST_BODY_17 1.0
describe CUST_BODY_17 Contains Low
____________________________
bayes_path /var/lib/spamass-milter/.spamassassin/bayes
bayes_file_mode 0600
use_learner 1
use_bayes 1
use_bayes_rules 1
bayes_use_hapaxes 1
bayes_expiry_max_db_size 50000000
bayes_auto_expire 0
bayes_auto_learn 0
bayes_learn_during_report 0
bayes_learn_to_journal 1
bayes_token_sources all
normalize_charset 1
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7252] charset=utf-16 tricks out SA
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252
Reindl Harald <h....@thelounge.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |h.reindl@thelounge.net
--- Comment #3 from Reindl Harald <h....@thelounge.net> ---
thanks for picking that up - hopefully it will make it to releases
not that it's abused too much currently but it's some worth backdoor to bypass
bayes for spammers
[Bug 7252] charset=utf-16 tricks out SA
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252
--- Comment #2 from Richard Alloway <ri...@roguewave.com> ---
Created attachment 5400
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5400&action=edit
Proposed patch
[Bug 7252] charset=utf-16 tricks out SA
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7252
Richard Alloway <ri...@roguewave.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |richard.alloway@roguewave.com
--- Comment #1 from Richard Alloway <ri...@roguewave.com> ---
I was able to replicate this issue and have created a patch to mitigate the
problem.
The patch attempts to detect the endianness of UTF16 encoded strings and assign
the appropriate decoder.
-Rich Alloway (RogueWave)
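Added example, not part of the bug thread and not the attached patch: a Python illustration of the approach comment #1 describes (detect the endianness of UTF-16 text, then assign the decoder), checked against the reporter's CUST_BODY_17 pattern. The function names, the NUL-position heuristic and the sample message are assumptions constructed here; the big-endian fallback for input without a BOM follows RFC 2781.

```python
import base64
import re
from email import message_from_bytes

# The reporter's CUST_BODY_17 pattern, minus the redundant leading/trailing ".*".
RULE = re.compile(r"(1st page ranking of google|dear potencial partner)", re.I)

def pick_utf16_codec(raw: bytes) -> str:
    """Pick a UTF-16 decoder: trust a BOM, otherwise guess from NUL positions."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "utf-16"               # codec reads the BOM and strips it
    even_nuls = raw[0::2].count(0)    # NUL high bytes first  -> big-endian
    odd_nuls = raw[1::2].count(0)     # NUL high bytes second -> little-endian
    # Assumed heuristic: mostly-Latin text. Ties fall back to big-endian (RFC 2781).
    return "utf-16-le" if odd_nuls > even_nuls else "utf-16-be"

def undecoded_body(msg_bytes: bytes) -> str:
    """Body after base64 only, i.e. what a matcher sees without charset decoding."""
    raw = message_from_bytes(msg_bytes).get_payload(decode=True)
    return raw.decode("latin-1")

def normalized_body(msg_bytes: bytes) -> str:
    """Body after base64 and charset decoding, with UTF-16 endianness detected."""
    msg = message_from_bytes(msg_bytes)
    raw = msg.get_payload(decode=True)
    charset = msg.get_content_charset() or "us-ascii"
    if charset in ("utf-16", "utf16"):
        charset = pick_utf16_codec(raw)
    return raw.decode(charset, errors="replace")

def build_sample(codec: str) -> bytes:
    """Constructed test message using the headers quoted in the bug report."""
    text = "Dear potencial partner, we offer 1st page ranking of Google.\n"
    return (b"Content-Type: text/plain; charset=utf-16\n"
            b"Content-Transfer-Encoding: base64\n\n"
            + base64.encodebytes(text.encode(codec)))

if __name__ == "__main__":
    for codec in ("utf-16-be", "utf-16-le", "utf-16"):
        sample = build_sample(codec)
        print(codec,
              "undecoded hit:", bool(RULE.search(undecoded_body(sample))),
              "normalized hit:", bool(RULE.search(normalized_body(sample))))
```

The interleaved NUL bytes are why the pattern misses the undecoded body in all three encodings, while the normalized text matches in each.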