On 12/6/2017 10:00 AM, RW wrote:
On Wed, 6 Dec 2017 06:29:01 -0500
Kevin A. McGrail wrote:
I've added these rules to KAM.cf and would appreciate feedback.
#MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the
idea #NUL
header __KAM_MAILSPLOIT1 From =~ /[\0]/
describe __KAM_MAILSPLOIT1 RFC2047 Exploit
Note that this may be a bit dangerous without "normalize_charset 1"
which causes text to be transcoded to UTF-8. In UTF-16 in particular
all ASCII characters encode with a zero byte. Even with normalization
there may be some headers that don't transcode properly.
I've never seen a from header encoded in UTF-16, but then I don't get
much mail in Asian languages.
Agreed. Same here. I believe it adds some overhead and a perl module
requirement but likely a good point to document for now.
Anyone running with normalize_charset to way in on pros and cons?
Also, about the newline / control chars regex, I want to skip newline
because we expect one of those.
So [\x00-\x09\x0b-\x1f], yes?
Regards,
KAM
