spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benny Pedersen" ...@junc.org>
Subject Re: IE Parse bug olso in SpamAssassin ?
Date Thu, 08 May 2008 05:33:18 GMT

On Thu, May 8, 2008 05:00, Joseph Brennan wrote:
>> <p class=3DMsoNormal><a href=3D"http://{MACCCLINK=3Dtestmaclink,3,http://=
>> 67.228.184.50/links1.txt,www.easyaddedvivacecreation.com}/?asdfdwrt2qxfpm=
>> 7DuzjjB82iEozsAEajsqbE">Have a look at our site</a></p>
> Do you have a reference for more on this?  Is this just obfuscation or
> does it do something bad besides?

unsure what here, but when i have sent the mail here it was detected when i
get it back, but not in the initial email i get it from, so i might be

> Should we just call "http://{" bad, and not bother checking the uri?

i belive there is parts in sa that parse the same way as ie and that could be
used by spammers to hide there domains in multilvel obfu

one excample is redir.html with nearly allways redirect to medical selling host

how can one make the

redirector_pattern in local.cf to make it test redirect in redir.html ?

if sare team and sa code team se there corpus i am shure thay can se something
from it, i have tryed to make a redirector_pattern but no succes :/



Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Mime
View raw message