You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mark London <mr...@psfc.mit.edu> on 2010/02/28 18:00:13 UTC
How to create a rule that tests the raw html when encoded in base64,
but which ignores line breaks?
Hi - I created a FULL rule that works fine with html in plain text.
However, if the html is base64 encoded, FULL rules don't appear to
work. A RAWBODY rule doesn't work either, because it doesn't ignore
line breaks. Any ideas? Thanks. - Mark
Re: How to create a rule that tests the raw html when encoded in
base64, but which ignores line breaks?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2010-02-28 at 18:23 +0100, Benny Pedersen wrote:
> On søn 28 feb 2010 18:00:13 CET, Mark London wrote
>
> > Hi - I created a FULL rule that works fine with html in plain text.
> > However, if the html is base64 encoded, FULL rules don't appear to
> > work. A RAWBODY rule doesn't work either, because it doesn't ignore
> > line breaks. Any ideas?
>
> ripmime -i msg -d .
>
> there you have the base64 decoded msg now in current dir
/me double checks the List-ID
And this helps how exactly with SA and its rules?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: How to create a rule that tests the raw html when encoded in
base64, but which ignores line breaks?
Posted by Benny Pedersen <me...@junc.org>.
On søn 28 feb 2010 18:00:13 CET, Mark London wrote
> Hi - I created a FULL rule that works fine with html in plain text.
> However, if the html is base64 encoded, FULL rules don't appear to
> work. A RAWBODY rule doesn't work either, because it doesn't ignore
> line breaks. Any ideas?
ripmime -i msg -d .
there you have the base64 decoded msg now in current dir
if this is not working i need a sample or rule to test with
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: How to create a rule that tests the raw html when encoded in
base64, but which ignores line breaks?
Posted by Mark London <mr...@psfc.mit.edu>.
/s didn't appear to work for rawbody in version 3.1.8 But I just tried
it on a different system running 3.2.5, and it works there. Sorry about
posting my question before testing my problem on a newer version! - Mark
Karsten Bräckelmann wrote:
> On Sun, 2010-02-28 at 12:00 -0500, Mark London wrote:
>> Hi - I created a FULL rule that works fine with html in plain text.
>> However, if the html is base64 encoded, FULL rules don't appear to
>> work. A RAWBODY rule doesn't work either, because it doesn't ignore
>> line breaks. Any ideas?
>
> full rules don't ignore line breaks either, do they?
>
> Anyway, if you want to treat line breaks just like any other whitespace
> and therefor possibly apply your rules to multi-line strings, have a
> look at the /m and /s RE modifiers.
> http://perldoc.perl.org/perlre.html#Modifiers
>
> You don't need a special parsed or decoded message -- you can extend
> your rule's RE.
>
>
> Note that in this case proper bounding becomes even more crucial, since
> the string to match against can be quite long. Don't use unbound
> quantifiers like * and + unless absolutely necessary, but try to always
> limit matching by using an upper bound quantifier, like {1,80}.
>
>
Re: How to create a rule that tests the raw html when encoded in
base64, but which ignores line breaks?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2010-02-28 at 12:00 -0500, Mark London wrote:
> Hi - I created a FULL rule that works fine with html in plain text.
> However, if the html is base64 encoded, FULL rules don't appear to
> work. A RAWBODY rule doesn't work either, because it doesn't ignore
> line breaks. Any ideas?
full rules don't ignore line breaks either, do they?
Anyway, if you want to treat line breaks just like any other whitespace
and therefor possibly apply your rules to multi-line strings, have a
look at the /m and /s RE modifiers.
http://perldoc.perl.org/perlre.html#Modifiers
You don't need a special parsed or decoded message -- you can extend
your rule's RE.
Note that in this case proper bounding becomes even more crucial, since
the string to match against can be quite long. Don't use unbound
quantifiers like * and + unless absolutely necessary, but try to always
limit matching by using an upper bound quantifier, like {1,80}.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}