This is a very nice problem. I've changed the code to detect this exploit.
ASSP is doing the same as the MUAs - it converts the '。' into a '.'.
It will do this in every case (every file and every URI). But I don't
know if this is right in case assp is used by users with local Chinese or
Japanese language.
Is there someone who can tell me more about the usage of this '。'
character in his language - or even if it makes sense to substitute this
character inside assp?
Thomas
From: TR Shaw <[email protected]>
To: ASSP development mailing list <[email protected]>
Date: 01.01.2012 00:14
Subject: [Assp-test] Big5 and dots in uri's
I am writing this about assp 1.9.1.9(0.0.00) but I expect it is true in
2.x as well. ASSP does not properly deal with the below active spams which
are exploiting Big5 and MUA's behavior to get around filters.
Big5 is a Chinese language character set that uses double-byte encoding.
In messages, the ASCII period sign (2E) can be used as a domain name label
separator in a Big5 MIME part. I might add the domain below is on SURBL
and is not currently being detected by ASSP because of this exploit.
I hope this data will help close this exploit that ASSP does not detect.
MUAs such as Outlook Express and Thunderbird support the encoded dot '。'
(A1 43): http://cheng-xia5。info/ (see attached image for a hex view, it's an
actual spam message).
If this link is clicked, the open dot character is transformed to a
regular '.'.
These Big5 codes have the same effect (with corresponding Unicode names*):
0xA143 IDEOGRAPHIC FULL STOP
0xA144 FULLWIDTH FULL STOP
0xA14F SMALL FULL STOP
Tom
http://unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
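
The normalization discussed in this thread, as an added example that is not part of the original messages and is not ASSP's own code: it walks a Big5 part character by character, replaces the three codes listed above with an ASCII '.', and then extracts URI hosts for a blocklist lookup. The function names, the sample body and its `.test` host are constructed; the lead and trail byte ranges are the standard Big5 ones.

```python
import re

# Big5 codes the thread lists as acting like '.' in MUAs (A143, A144, A14F).
BIG5_DOTS = {b"\xa1\x43", b"\xa1\x44", b"\xa1\x4f"}
HOST_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)", re.I)


def is_trail(b):
    # Standard Big5 trail-byte ranges.
    return 0x40 <= b <= 0x7E or 0xA1 <= b <= 0xFE


def normalize_big5_dots(raw):
    """Replace Big5 full-stop variants with '.', one character at a time.

    A plain raw.replace(b"\\xa1\\x43", b".") is unsafe: A1 may be the trail
    byte of the previous character, followed by an ordinary ASCII 'C'.
    """
    out = bytearray()
    i = 0
    while i < len(raw):
        lead = raw[i]
        if 0x81 <= lead <= 0xFE and i + 1 < len(raw) and is_trail(raw[i + 1]):
            pair = raw[i:i + 2]                  # one double-byte character
            out += b"." if pair in BIG5_DOTS else pair
            i += 2
        else:                                    # ASCII or a stray byte
            out.append(lead)
            i += 1
    return bytes(out)


def uri_hosts(raw, normalize=True):
    """Return lower-cased URI hosts found in a Big5 body, ready for lookup."""
    data = normalize_big5_dots(raw) if normalize else raw
    return [m.group(1).decode("ascii").lower().strip(".")
            for m in HOST_RE.finditer(data)]


# Constructed Big5 body: a character whose trail byte is A1 followed by
# ASCII "Click", then a URI that uses A143 and A14F as label separators.
SAMPLE = b"\xa4\xa1Click http://shop-1\xa1\x43example\xa1\x4ftest/ today"

if __name__ == "__main__":
    print(uri_hosts(SAMPLE, normalize=False))    # host cut at the first Big5 dot
    print(uri_hosts(SAMPLE))                     # full host for the lookup
```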