[Assp-test] Antwort: Re: Antwort: Re: Antwort: URI Scanning fixes

Thomas Eckardt Tue, 13 Mar 2012 00:35:14 -0700

Both encodings are detected and decoded by assp.

If you see both strings after '$data = decHTMLent($data);'


href=3D
&#12290

they must be double encoded in the original source - something like: 

&amp#12290 
or 
&amp#%31%32=32%39=30.

If this is the case - IMHO these stings should not be shown as an URL in 
the mail client.

Thomas please could you check this for me - thank you.

Thomas




Von:    Michael Thomas <[email protected]>
An:     ASSP development mailing list <[email protected]>
Datum:  11.03.2012 19:27
Betreff:        Re: [Assp-test] Antwort: Re:  Antwort:  URI Scanning fixes



Thomas,

I am using ASSP version 2.1.2(12068). AFAIK that is the latest. The 
issue exists in ASSP version 2.1.2(12068).

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

On 3/11/2012 1:40 PM, Thomas Eckardt wrote:
>> but I use $AddURIS2MyHeader,
>
>> Without those two lines, ASSP never sees the example URI as URI. ASSP
> skips over them.
>
> Do you use the latest version - this was changed in any of the latest
> versions.
>
>>               $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo;           #
>> decode percents
>>               $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo;          #
> decode
>> &#ddd's
>>               $uri =~
>> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio;         # 
decode
>> &#xHHHH's
>>
>
>
> Thomas
>
>
>
>
>
> Von:    Michael Thomas<[email protected]>
> An:     ASSP development mailing list<[email protected]>
> Datum:  11.03.2012 18:28
> Betreff:        Re: [Assp-test] Antwort:  URI Scanning fixes
>
>
>
> Thomas,
>
> If you insist, but I use $AddURIS2MyHeader, so I see a list of all URI
> discovered by ASSP. I downloaded ASSP version 2.1.2(12068) and installed
> it. When I discovered spam getting through, I examined the spam and
> realized I had forgotten to add those two lines.
>
> Without those two lines, ASSP never sees the example URI as URI. ASSP
> skips over them.
>
> With those two lines added, ASSP sees the URI as URI and adds them to
> the URI list. Further, if the URI are blacklisted, ASSP acts
> appropriately. Without those two lines, ASSP does not act on the
> offending URI.
>
> Variant #1 - "href=3D"
> In Variant #1, the hex code is not in the URI. The hex code is in the
> HTML anchor syntax.
> Hotmail Example
> ---------------------------
>    <a href=3D"http://chesapeakeluxurydays=
> pa.com/flash.php">http://chesapeakeluxurydayspa.com/flash.php</a>=0A=
> <br>=0A=
> =0A=
> <br>  <br>  <br>  <br>  <br>  <br>  <br>=0A=
> ---------------------------
>
> Variant #2 - "&#12290;"
> I do not know why ASSP misses this one, but it does.
>
> I see these variants from Hotmail and Yahoo all the time.
>
> Michael Thomas
> Mathbox
> 978-687-3300
> Toll Free: 1-877-MATHBOX (1-877-628-4269)
>
> On 3/11/2012 5:06 AM, Thomas Eckardt wrote:
>> This is not needed
>>
>> - assp decodes all MIME encodings in&cleanMIMEBody2UTF8($bd).
>>
>> - assp decodes all HTML  encodings in
>>              $data = decHTMLent($data);.
>>     and
>>               $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo;           #
>> decode percents
>>               $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo;          #
> decode
>> &#ddd's
>>               $uri =~
>> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio;         # 
decode
>> &#xHHHH's
>>
>>
>>
>> Thomas
>>
>>
>>
>>
>> Von:    Michael Thomas<[email protected]>
>> An:     ASSP development mailing list<[email protected]>
>> Datum:  10.03.2012 20:21
>> Betreff:        [Assp-test] URI Scanning fixes
>>
>>
>>
>> Thomas,
>>
>> In sub URIBLok_Run I made the following modifications to handle two URI
>> variants:
>>
>> Variant 1: href=3d"http://...
>> Variant 2: http://somename&#12290;com
>>
>>
>>        my $data =&cleanMIMEBody2UTF8($bd);
>>        $data =~ s/\=(?:\015?\012|\015)//go;
>>        # MIKE
>>        $data =~ s/href\=3[dD]/href\=/go;
>>        $data =~ s/\&\#12290\;/./go;
>>        # End MIKE
>>        $data = decHTMLent($data);
>>
>>
>>
>>
>>
>>
> 
------------------------------------------------------------------------------
>> Virtualization&   Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>
>>
>>
>> _______________________________________________
>> Assp-test mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
> 
------------------------------------------------------------------------------
> Virtualization&  Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, 
legally
> privileged and protected in law and are intended solely for the use of 
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
>
> 
------------------------------------------------------------------------------
> Virtualization&  Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>
>
>
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test


------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Antwort: Re: Antwort: Re: Antwort: URI Scanning fixes

Reply via email to