Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-24 Thread Sharma, Ashish
Martin, Please refer to ' http://en.wikipedia.org/wiki/MIME' section 'Encoded-Word'

Content-Type: text/plain; charset=UTF-8; name==?UTF-8?B?PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PnRlcy50eHQ=?=
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;

FW: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-24 Thread Sharma, Ashish
On Sun, 2013-03-24 at 11:05 +, Sharma, Ashish wrote: I have encoded the harmful filename '<script>alert(1)</script>tes.txt' to base64 and added it into the email as it's allowed as per RFC 2047 in email headers and is a valid form. This is bypassing the spam rule that you created earlier

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-22 Thread Martin Gregorie
On Thu, 2013-03-21 at 09:40 +, Sharma, Ashish wrote: What would be the change in spam rule if the Content-Disposition field is mime word encoded as per RFC 2047 ? Please find the sample eml at: http://pastebin.com/FLjzCsUZ What's the problem with this message? The portion you've

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-22 Thread David F. Skoll
On Fri, 22 Mar 2013 07:21:25 -0700 (PDT) John Hardin jhar...@impsec.org wrote: I suggested HTML-escaping the attachment filenames during the page generation as the standard solution Well, yes. Any content that lands on your doorstep needs to be treated carefully. :) but I think there's

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-22 Thread John Hardin
On Fri, 22 Mar 2013, David F. Skoll wrote: On Fri, 22 Mar 2013 07:21:25 -0700 (PDT) John Hardin jhar...@impsec.org wrote: I suggested HTML-escaping the attachment filenames during the page generation as the standard solution Well, yes. Any content that lands on your doorstep needs to be

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-22 Thread John Hardin
On Fri, 22 Mar 2013, Martin Gregorie wrote: On Fri, 2013-03-22 at 09:56 -0400, David F. Skoll wrote: However, any mail reader should be hardened against accepting arbitrary filenames... I can't see how this would be a problem in practice except maybe in badly-written webmail systems.

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-22 Thread Martin Gregorie
On Fri, 2013-03-22 at 11:04 -0700, John Hardin wrote: On Fri, 22 Mar 2013, Martin Gregorie wrote: On Fri, 2013-03-22 at 09:56 -0400, David F. Skoll wrote: However, any mail reader should be hardened against accepting arbitrary filenames... I can't see how this would be a problem in

RE: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-21 Thread Sharma, Ashish
Martin, What would be the change in spam rule if the Content-Disposition field is mime word encoded as per RFC 2047 ? Please find the sample eml at: http://pastebin.com/FLjzCsUZ thanks Ashish -Original Message- From: Martin Gregorie [mailto:mar...@gregorie.org] Sent: Sunday, March

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-09 Thread Martin Gregorie
On Sat, 2013-03-09 at 09:23 -0800, John Hardin wrote: Regarding that analogy, SA is not an antivirus tool, and any attempt to make it one would be met with resistance. SA is also not an email *security* tool. Agreed. If I thought I needed an antivirus tool I'd run Clamav. An email

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-09 Thread Martin Gregorie
On Sat, 2013-03-09 at 09:23 -0800, John Hardin wrote: On Sat, 9 Mar 2013, Martin Gregorie wrote: Presumably the, ahem, misguided js interpretation is being triggered by the <script>/</script> tags, so wouldn't the regex I've used here mimeheader JS_TRAP_RULE name =~ /script/ be a more

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-09 Thread Martin Gregorie
On Sat, 2013-03-09 at 20:56 +, Martin Gregorie wrote: Correction:

describe SCRIPTED_NAME Attachment name or filename is a script
mimeheader __SCRIPTN1 Content-Type =~ /name.*\=.*script/
mimeheader __SCRIPTN2 Content-Disposition =~ /filename.*\=.*script/
meta SCRIPTED_NAME
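The bypass Ashish reports further up (an RFC 2047 encoded-word in the name/filename parameter slipping past a rule that greps the raw header) and the fix John Hardin and David Skoll point to (HTML-escape the filename when the listing page is generated), as an added example in Python that is not code from this thread or from SpamAssassin. The two messages are constructed for the example and reuse the base64 name from Ashish's sample; the regexes mimic the __SCRIPTN1/__SCRIPTN2 rules above, applied to the raw header text the way mimeheader sees it (assumption: that is all those rules do). One caveat a practitioner should know: RFC 2047 section 5 says encoded-words must not be used inside Content-Type or Content-Disposition parameters (RFC 2231 is the defined mechanism for non-ASCII parameter values), but mail clients and webmail decoders commonly accept them anyway, which is exactly why a raw-header rule cannot be relied on and output encoding is the real fix.

```python
"""Added example (not from the thread or SpamAssassin): RFC 2047 encoded-word
attachment names vs. a raw-header regex rule, and output escaping.
Sample messages are constructed; rule regexes mimic the posted rules."""
import email
import html
import re
from email.header import decode_header
from email.policy import compat32

# Constructed message: the attachment name carries the payload in clear text.
PLAIN_EML = b"""\
From: sender@example.com
To: recipient@example.com
Subject: attachment name test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=UTF-8

see attachment
--b1
Content-Type: text/plain; charset=UTF-8; name="<script>alert(1)</script>tes.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="<script>alert(1)</script>tes.txt"

hello
--b1--
"""

# Constructed variant: the same name as an unquoted RFC 2047 encoded-word,
# base64 of "<script>alert(1)</script>tes.txt", as in the thread's sample.
ENCODED_EML = PLAIN_EML.replace(
    b'"<script>alert(1)</script>tes.txt"',
    b"=?UTF-8?B?PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PnRlcy50eHQ=?=",
)

# Mimics the __SCRIPTN1/__SCRIPTN2 mimeheader rules: a regex over the raw
# header value, case-sensitive like the originals (assumption: header name
# -> pattern is all the rule does).
SA_RULES = {
    "__SCRIPTN1": ("Content-Type", re.compile(r"name.*=.*script")),
    "__SCRIPTN2": ("Content-Disposition", re.compile(r"filename.*=.*script")),
}


def raw_rule_hits(raw):
    """Rule names whose regex matches a raw, undecoded header in any part."""
    msg = email.message_from_bytes(raw, policy=compat32)
    hits = set()
    for part in msg.walk():
        for rule, (header, rx) in SA_RULES.items():
            value = part.get(header)
            if value is not None and rx.search(value):
                hits.add(rule)
    return sorted(hits)


def decode_rfc2047(value):
    """Decode encoded-words in a parameter value; plain strings pass through."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def attachment_names(raw):
    """(raw parameter value, decoded name) for each part that has a filename.

    get_filename() applies RFC 2231 decoding but leaves RFC 2047 encoded-words
    untouched, so the decode step is done explicitly here.
    """
    msg = email.message_from_bytes(raw, policy=compat32)
    names = []
    for part in msg.walk():
        raw_name = part.get_filename()
        if raw_name:
            names.append((raw_name, decode_rfc2047(raw_name)))
    return names


def render_list_item(name):
    """What the listing page must emit: the decoded name, HTML-escaped."""
    return "<li>%s</li>" % html.escape(name, quote=True)


def listing_html(raw):
    """Build the attachment list for one message the safe way."""
    return "<ul>%s</ul>" % "".join(
        render_list_item(decoded) for _raw, decoded in attachment_names(raw)
    )


if __name__ == "__main__":
    for label, raw in (("clear-text name", PLAIN_EML), ("encoded-word name", ENCODED_EML)):
        print(label, "-> raw-header rule hits:", raw_rule_hits(raw))
        for raw_name, decoded in attachment_names(raw):
            print("  header value:", raw_name)
            print("  decoded name:", decoded)
        print("  page output :", listing_html(raw))
```

Running the block shows the rules firing on the clear-text name and staying silent on the encoded one, while attachment_names() returns the same decoded string for both; render_list_item() is the step the listing page was missing. html.escape is the right encoder for element content; a filename placed into an attribute, a URL or an inline script needs that context's encoding instead.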

RE: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-08 Thread Sharma, Ashish
Can you pastebin an example? Not sure what you mean with the attachment *name* contains JS code. Here is the requested sample http://pastebin.com/DN7PRnH4 The attachment name contains the javascript code at the bottom of the pasted file. thanks Ashish -Original Message- From: Axb

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-08 Thread Ned Slider
On 08/03/13 14:05, Sharma, Ashish wrote: Can you pastebin an example? Not sure what you mean with the attachment *name* contains JS code. Here is the requested sample http://pastebin.com/DN7PRnH4 The attachment name contains the javascript code at the bottom of the pasted file. thanks

RE: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-08 Thread Benny Pedersen
Sharma, Ashish wrote on 2013-03-08 15:05: The attachment name contains the javascript code at the bottom of the pasted file. extracttext plugin ?, so bayes learning javascript attachments ?

RE: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-08 Thread Benny Pedersen
John Hardin wrote on 2013-03-08 20:31: This is a simple, standard and robust solution to your problem that also prevents other attack vectors you haven't thought of yet. if PHP is built with tidy it's simple :)

Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-06 Thread Sharma, Ashish
All, I have a mail receiving server that parses incoming emails for email attachment and the files are listed on a web page for users to see. Here I need to check for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage. Is there

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-06 Thread Axb
On 03/06/2013 11:20 AM, Sharma, Ashish wrote: All, I have a mail receiving server that parses incoming emails for email attachment and the files are listed on a web page for users to see. Here I need to check for email attachment name for containing Javascript code that could get potentially

Re: Checking for email attachment name for containing Javascript code that could get potentially executed when displayed on a webpage.

2013-03-06 Thread John Hardin
On Wed, 6 Mar 2013, Sharma, Ashish wrote: I have a mail receiving server that parses incoming emails for email attachment and the files are listed on a web page for users to see. Here I need to check for email attachment name for containing Javascript code that could get potentially executed