Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/24 14:18:40 UTC

[Bug 4426] New: URIBL evasion technique

http://bugzilla.spamassassin.org/show_bug.cgi?id=4426

           Summary: URIBL evasion technique
           Product: Spamassassin
           Version: 3.0.4
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: dan.mcdonald@austinenergy.com


URIs with the http:// part encoded are not caught by the parser:
debug: uri found: cid:07e501c5258e$92fa9ac0$52fca8fe@efe-uk.com
debug: uri found:
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
debug: uri found: mailto:conley@austinenergy.com
debug: uri found:
hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp://jazevfk.com&%3cmqbmtqsgdj9khye39yfuqj.defunctionej.com/
debug: URIDNSBL: domains to query: efe-uk.com

defunctionej.com is listed in uribl black and this message should have been
flagged...



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
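
Added example, not part of the original thread and not SpamAssassin code: a scheme-independent pass over the URI strings shown in the debug output above, which percent-decodes each string and collects every host-like token, so that defunctionej.com is surfaced for a URIBL lookup even when the scheme is unrecognised. The function names, the scheme allow-list and the two-label domain rule are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import unquote

# Assumption: illustrative allow-list, not SpamAssassin's own.
KNOWN_SCHEMES = {"http", "https", "ftp", "mailto", "cid"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)
# Dotted host-like token ending in an alphabetic TLD.
HOST_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}", re.I)

# First and third strings are taken from the debug output; the second is a
# constructed, shortened form of the reported href (gibberish run abbreviated).
SAMPLES = [
    "cid:07e501c5258e$92fa9ac0$52fca8fe@efe-uk.com",
    "%68GIBBERISH%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/",
    "mailto:conley@austinenergy.com",
]

def normalize(raw, max_rounds=3):
    """Undo HTML entities, then percent-encoding; bounded for nested encoding."""
    text = html.unescape(raw)
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def registrable(host):
    """Simplification: keep the last two labels (real code needs a suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def candidate_domains(raw):
    """Return (scheme_known, unique domains in order of appearance)."""
    text = normalize(raw)
    m = SCHEME_RE.match(text)
    scheme_known = bool(m) and m.group(1).lower() in KNOWN_SCHEMES
    domains = []
    for host in HOST_RE.findall(text):
        dom = registrable(host)
        if dom not in domains:
            domains.append(dom)
    return scheme_known, domains

if __name__ == "__main__":
    for raw in SAMPLES:
        print(candidate_domains(raw))
```

An unknown scheme combined with a non-empty domain list is itself a signal worth logging, whether or not any MUA would follow the link.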

[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|URIBL evasion technique     |URIs missed:
                   |                            |hLONGSTREAMOFGIBBERISHp as
                   |                            |protocol




------- Additional Comments From jm@jmason.org  2005-07-13 11:15 -------
retitled




[Bug 4426] URIBL evasion technique

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426


Bob@Menschel.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.1.0
            Version|3.0.4                       |SVN Trunk (Latest Devel
                   |                            |Version)




------- Additional Comments From Bob@Menschel.net  2005-07-03 18:56 -------
3.1.0 pre-3 debug output gives a few more lines, but same effect: 
[14616] dbg: uri: html uri found,
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
[14616] dbg: uri: cleaned html uri,
%68LOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWK%70:/%2Fjazevfk.com&<mqbmtqsgdj9khye39yfuqj%2Edefunctionej.com/
[14616] dbg: uri: cleaned html uri,
hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp://jazevfk.com&%3cmqbmtqsgdj9khye39yfuqj.defunctionej.com/
[14616] dbg: uri: parsed uri found, mailto:conley@austinenergy.com
[14616] dbg: uri: cleaned parsed uri, mailto:conley@austinenergy.com
[14616] dbg: uri: parsed domain, austinenergy.com
[14616] dbg: uri: parsed uri found, mailto:conley@austinenergy.com
[14616] dbg: uri: parsed domain, austinenergy.com
[14616] dbg: uridnsbl: domains to query: efe-uk.com

Updating version, and also setting target to 3.1.0, in hopes this can be fixed
before official release. If not, should be scheduled for 3.1.1





[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426


duncf@debian.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|3.1.0                       |3.1.1




------- Additional Comments From duncf@debian.org  2005-07-23 17:31 -------
Daniel, does that actually work as a link? (If so, what mail program are you using?)

Moving to 3.1.1.




[Bug 4426] URIBL evasion technique

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426





------- Additional Comments From jm@jmason.org  2005-07-13 11:14 -------
umm, how the hell does that work?  *does* that work in any MUA?

'hLOPDKDWUZKEMWCNLMKEKIIRIZOUKOXYIAKBBNJQAGDNUHLAIVLZQQJWXOLWBRPTXSIUSDREJGWJSZVLMZWFMEHOULBUDCMAJHHBZCLZLWWHFEBTUFOSTGKRDMBWYHITRROACYQKGNSNSFWVOPHERZAWKp:'
is certainly not a valid URI protocol spec ;) but if it does work we have to
catch it.




[Bug 4426] URIBL evasion technique

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4426





------- Additional Comments From dan.mcdonald@austinenergy.com  2005-06-24 05:22 -------
Created an attachment (id=2954)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2954&action=view)
Sample showing evasive technique





[Bug 4426] URIs missed: hLONGSTREAMOFGIBBERISHp as protocol

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4426


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From felicity@apache.org  2006-02-09 05:27 -------
Having heard nothing, I'm going to close out this ticket.  As far as we know,
the URL specified won't actually work in an MUA/browser.  If this isn't the
case, please let us know what programs accept these.  Thanks.


