You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2012/11/10 20:03:32 UTC

Mixed-case URIs

All:

Mark Perkel brought up on the users list that he's seeing a lot of 
mixed-case URIs in spam lately.

I did a quick grep of URI rules and there are quite a few that are 
case-sensitivei, probably unintentionally. It might be a good idea for 
everybody to audit their sandbox and make sure that any URI rules that 
aren't specifically looking for case-based patterns are case-insensitive.

For example:

    DOS_GOOGLE_DOCS     /^http:\/\/docs\.google\.com\/View\?id=/

This would be easy for a spammer to avoid.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Any time law enforcement becomes a revenue center, the system
   becomes corrupt.
-----------------------------------------------------------------------
  Tomorrow: Veterans Day