You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/10/25 07:19:27 UTC
[Bug 5150] New: HTML Parser can find URI on last line of email.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5150
Summary: HTML Parser can find URI on last line of email.
Product: Spamassassin
Version: 3.1.7
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: don@drakeconsult.com
I noticed a spam got through that contained a URI that I *know* is in the URIBL
black list. The rules that were triggered did not include URIBL_BLACK and I
confirmed DNS is working on my system.
If I tweaked the message and added a new line to the end of the file, it found
the URI.
I'll attach an example of the spam I received that won't get parsed.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5150] HTML Parser cannot handle missing quotes
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5150
felicity@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Group| |security
Status|NEW |RESOLVED
Component|Libraries |Security
Resolution| |DUPLICATE
------- Additional Comments From felicity@apache.org 2007-01-31 16:58 -------
the "locks up" mail has already been reported as bug 5318, so closing as
duplicate. also marking this as "security".
*** This bug has been marked as a duplicate of 5318 ***
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5150] HTML Parser cannot handle missing quotes
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5150
------- Additional Comments From s.shipway@auckland.ac.nz 2007-01-31 16:50 -------
Created an attachment (id=3850)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3850&action=view)
Spam that locks up spamassassin
We're seeing a similar situation where the closing quote on the href= is
missing, and the entire message is treated as multiple URIs. This causes
Spamassassin to take upwards of 20mins to parse the message, eating >250Mb in
the process. We're getting our mail gateway crashing due to the number of
these that get sent...
Attached is a message which kills spamassassin. The offending line is #160,
missing the ">.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5150] HTML Parser cannot handle missing quotes
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5150
------- Additional Comments From don@drakeconsult.com 2006-10-24 22:50 -------
Created an attachment (id=3728)
--> (http://issues.apache.org/SpamAssassin/attachment.cgi?id=3728&action=view)
Message contains bad html
The attached message shows on the last line the target="_new does not have a
closing quote.
This causes the URI to not get parsed, therefore the URIBL_BLACK check will not
find this URI.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 5150] HTML Parser cannot handle missing quotes
Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5150
don@drakeconsult.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|HTML Parser can find URI on |HTML Parser cannot handle
|last line of email. |missing quotes
------- Additional Comments From don@drakeconsult.com 2006-10-24 22:48 -------
I've updated the title, it's not a matter of a new-line, the problem was a
missing quote (") in the HTML.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.