http://bugzilla.spamassassin.org/show_bug.cgi?id=3514
Summary: Regexp Problems on 2.63
Product: Spamassassin
Version: 2.63
Platform: PC
OS/Version: FreeBSD
Status: NEW
Severity: major
Priority: P3
Component: Rules (Eval Tests)
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Let's assume you're writing spam. If you add an \n character inside an
HTML label, the regexp stops parsing there, so you can put anything you
want below.
I've seen this structure in HTML spam more than once, so I assume some
spammer has learnt about it.
Example:
> uname -a
FreeBSD ... 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Wed Mar 17 12:03:04 PST 2004
> spamassassin --version
SpamAssassin version 2.63
> cat user_prefs
body LOCAL_BODY_SPAMMER_URI_COM2 /(mail15).com/i
describe LOCAL_BODY_SPAMMER_URI_COM2 Spam .com domain-name (2)
score LOCAL_BODY_SPAMMER_URI_COM2 100.0
# this just looks for mail15.com
> cat spam
>From [EMAIL PROTECTED] Wed Jun 16 00:05:49 2004
Received: from 1.1.1.1 by 1.1.1.1 with ESMTP id 1;
Wed, 16 Jun 2004 05:03:37 -0700
Message-ID: <[EMAIL PROTECTED]>
From: "Carolyn" <[EMAIL PROTECTED]>
Date: Wed, 16 Jun 2004 08:05:49 +0100
To: [EMAIL PROTECTED]
Subject: Need a helping hand?
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset=iso-8859-1
<HEAD>
<TITLE>Cia</TITLE>
</HEAD>
<BODY BACKGROUND="" BGcolor=
"#fce4e5" TEXT="#000000" LINK="#0000ff" VLINK="#800080" ALINK="#ff0000">
Loading Ad... Please Wait<br>
<p>
<CENTER><A href=
"mail15.com">
</BODY>
</HTML>
> spamassassin -p user_prefs < spam
>From [EMAIL PROTECTED] Wed Jun 16 00:05:49 2004
...
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
apu.bmrc.berkeley.edu
X-Spam-Level: *
X-Spam-Status: No, hits=1.8 required=5.0 tests=DATE_IN_PAST_03_06,
FORGED_YAHOO_RCVD,HTML_70_80,HTML_MESSAGE,HTML_TAG_BALANCE_HTML,
MIME_HTML_ONLY autolearn=no version=2.63
...
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
