spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benny Pedersen">
Subject Re: IE Parse bug olso in SpamAssassin ?
Date Thu, 08 May 2008 19:40:45 GMT

On Thu, May 8, 2008 18:07, John Hardin wrote:

> Bayes isn't going to parse a URI as a URI anyway, is it?

i belived it did use that info olso

> It just tokenizes the message.

hopefully with url that confirm to rfc olso, but i see hte point where url is
obfu not to bother now when i think more about it

> Bayes will pick up the domain name string if it's delimited
> by {} as readily as it will if it's delimited by //.

yes got it now, i was just a bit blind on the hidded url in redir.html

> To clarify: why bother trying to deobfuscate the URI and figure out what
> domain it's really pointing at, so that domain can be checked against
> URIBL lists,

the hidded url could olso be a whitelisted domain

> if the form of the obfuscation is obvious and not seen in
> legitimate emails?

obfu is genricly a spam sign

> Why not just give that obfuscation four or five points
> and be done with it?

yep i will

> If that formatting *was* seen in legitimate emails, then I would say that
> it's important the URI parsers be aware of it.

yes, my fault not thinking that long here :/

> Can you provide any pointers to documentation of that formatting? I didn't
> find any in a quick gargle.

if i know what to search for i could :/

i just started this thread to be sure IE parse bug is not in sa aswell since i
could see domains not detecked in spam, but i got it now

Benny Pedersen
Need more webspace ?

View raw message