This one should handle FPs reported by Wim Borgs.
REPLACE:
$uri=~s/$URIContinuationRe\.?//go; # and strip line continuations
# decode quoted-printables
$uri=~s/\=([a-f0-9]{2})/chr(hex($1))/gie;
# decode 'at' character
$uri=~s/\%40/@/g;
$uri=~s/\\#0?64\;?/@/g;
if
correction:
$uri=~s/\\#1[03]\;?.*$//i;
$uri=~s/\(?:nbsp|amp|quot|gt|lt)\;?//gi;
$uri=~s/(?:$URISubDelimsCharRe|\.)+$//;
should be:
$uri=~s/\\#1[03]\;?.*$//;
$uri=~s/\(?:nbsp|amp|quot|gt|lt)\;?//gi;
$uri=~s/(?:$URISubDelimsCharRe|\.)+$//o;
Cross-posted from the ASSP-Devel mailing list:
- fixes some false-positives
- added check for http://www.printeryml*com ( Important ! Replace * with . )
type of obfuscation
1. REPLACE:
# URI components
no my maillog is big .My problem is using grep -v .
I had not this problems before .
The file probably contains non-printable characters (client submitted data
perhaps).
-
Using Tomcat but need to do more? Need to support
Hmm, it works for me. If somebody could (dis)confirm:
It is catched by Bayesian )))(((.
OK, my previous patch lied a little ;-)
change:
if ($uri=~/(?:[^\s\/[EMAIL PROTECTED]@)?([0-9a-z\-\_\.]+)/i) {
to:
if ($uri=~/(?:[^\s\/[EMAIL PROTECTED]@)?($URICharRe+)/i) {
P.
Maybe it doesn't work at all (including up to 1.2.7.1 (68). I have never
actually had a hit on this function, but I may just have been lucky.
The check in its current form secures against
http://www.pc-help.org/obscure.htm
types of obfuscation.
Some of the examples in this test are just
Regarding Disallow Obfuscated URIs
I have noticed that this function does not block all types of obfuscated
URIs.
Please post a real-world example of such URIs.
While my perl is not quite good enough to get right to the bottom of
it, may I suggest that the description text outline briefly
Micheal Espinola Jr wrote:
What would you like references to? TCP sessions are not secure in any
way shape or form. There is no security designed into the technology.
TCP's 3-way handshake may be a small obstacle ;-)
(in case of attacker and victim being on separate subnets)
While not the
Thanks loads Fritz!
Thanks loads Wim!!!
Fritz
Cheers for the guys who are providing the uribl/surbl service :-)
Przemek
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and
The coding is the code
Przemek
gave us. Wim and me did only some adjustments.
It is duly in the code: Przemek Czerkas - SRS, Delaying, Maillog
Search, HTTP Compression, URIBL,.
So all cheers to Przemek.
Three cheers to all of you, Hip, Hip, Hooray! :o)
Doug
Thanks! This is great team
Micheal Espinola Jr wrote:
I see this too, but not continuously. It does go away and show normal
stats again. The stats polled in ASSP do not seem to be reflective of
my actual server CPU stats. I don't see the Perl processing doing
anywhere near that type of damage that ASSP is reporting.
Hopefully, Przemek Czerkas multithreading code will make it into assp at
some point. Then we could have the pleasure of taking the advantage of
such functionality (and proper Greeting delay, Error delay, etc).
Lars
Actually, it's still in single thread, but tries to emulate multi-tasking
Hi,
I have turned on daily log rolling in ASSP and it's occurring at 4:00 PM my
time (PST), which corresponds with midnight UTC. How do I change this so
that log rolling occurs at midnight local (PST) time , or any other time for
that matter? I'm assuming it's in assp.pl, but I'm not sure
Micheal Espinola Jr wrote:
Matti Haack wrote:
The only really clean secure way (but as I think most
complicated patch) would be allow access only to the files locations which
are entered somewhere in the config file.
Best idea I have heard so far.
So one aditional step before breaking in
14 matches
Mail list logo