[Assp-test] Antwort: Re: Antwort: URI Scanning fixes

Thomas Eckardt Sun, 11 Mar 2012 10:41:39 -0700

>but I use $AddURIS2MyHeader,

>Without those two lines, ASSP never sees the example URI as URI. ASSP 
skips over them.


Do you use the latest version - this was changed in any of the latest 
versions.

>              $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo;           #
> decode percents
>              $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo;          # 
decode
> &#ddd's
>              $uri =~
> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio;         # decode
> &#xHHHH's
>


Thomas





Von:    Michael Thomas <[email protected]>
An:     ASSP development mailing list <[email protected]>
Datum:  11.03.2012 18:28
Betreff:        Re: [Assp-test] Antwort:  URI Scanning fixes



Thomas,

If you insist, but I use $AddURIS2MyHeader, so I see a list of all URI 
discovered by ASSP. I downloaded ASSP version 2.1.2(12068) and installed 
it. When I discovered spam getting through, I examined the spam and 
realized I had forgotten to add those two lines.

Without those two lines, ASSP never sees the example URI as URI. ASSP 
skips over them.

With those two lines added, ASSP sees the URI as URI and adds them to 
the URI list. Further, if the URI are blacklisted, ASSP acts 
appropriately. Without those two lines, ASSP does not act on the 
offending URI.

Variant #1 - "href=3D"
In Variant #1, the hex code is not in the URI. The hex code is in the 
HTML anchor syntax.
Hotmail Example
---------------------------
  <a href=3D"http://chesapeakeluxurydays=
pa.com/flash.php">http://chesapeakeluxurydayspa.com/flash.php</a>=0A=
<br>=0A=
=0A=
<br> <br> <br> <br> <br> <br> <br>=0A=
---------------------------

Variant #2 - "&#12290;"
I do not know why ASSP misses this one, but it does.

I see these variants from Hotmail and Yahoo all the time.

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

On 3/11/2012 5:06 AM, Thomas Eckardt wrote:
> This is not needed
>
> - assp decodes all MIME encodings in&cleanMIMEBody2UTF8($bd).
>
> - assp decodes all HTML  encodings in
>             $data = decHTMLent($data);.
>    and
>              $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo;           #
> decode percents
>              $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo;          # 
decode
> &#ddd's
>              $uri =~
> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio;         # decode
> &#xHHHH's
>
>
>
> Thomas
>
>
>
>
> Von:    Michael Thomas<[email protected]>
> An:     ASSP development mailing list<[email protected]>
> Datum:  10.03.2012 20:21
> Betreff:        [Assp-test] URI Scanning fixes
>
>
>
> Thomas,
>
> In sub URIBLok_Run I made the following modifications to handle two URI
> variants:
>
> Variant 1: href=3d"http://...
> Variant 2: http://somename&#12290;com
>
>
>       my $data =&cleanMIMEBody2UTF8($bd);
>       $data =~ s/\=(?:\015?\012|\015)//go;
>       # MIKE
>       $data =~ s/href\=3[dD]/href\=/go;
>       $data =~ s/\&\#12290\;/./go;
>       # End MIKE
>       $data = decHTMLent($data);
>
>
>
>
>
> 
------------------------------------------------------------------------------
> Virtualization&  Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>
>
>
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test


------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Antwort: Re: Antwort: URI Scanning fixes

Reply via email to