Internet Explorer URL Display problem
Julian Field
mailscanner at ecs.soton.ac.uk
Sat Dec 13 10:23:38 GMT 2003
At 17:29 12/12/2003, you wrote:
>At 17:09 12/12/2003, you wrote:
>>On Fri, 2003-12-12 at 03:47, Randal, Phil wrote:
>> > RFC 2396 (http://www.faqs.org/rfcs/rfc2396.html) generalises URIs.
>>
>>I only skimmed the spec. But what I gathered, unless I completely
>>misunderstood the document, is that characters from %00 through %1F
>>inclusive and %7F are control characters and shouldn't be in a URI.
>>
>> Although they are disallowed within the URI syntax, we include here a
>> description of those US-ASCII characters that have been excluded and
>> the reasons for their exclusion.
>>
>> The control characters in the US-ASCII coded character set are not
>> used within a URI, both because they are non-printable and because
>> they are likely to be misinterpreted by some control mechanisms.
>>
>> control = <US-ASCII coded characters 00-1F and 7F hexadecimal>
>>
>>So how much trouble would we cause if we just disallowed the entire
>>range of control characters from URIs? Can anyone think of a real website
>>that legitimately uses any of these control codes within their URIs? I'm
>>particularly concerned about shopping sites with their massive URIs.
>
>Sounds good to me.

The pattern for matching this is therefore

    /%([01][0-9a-f]|7f).*@/i

so add this to spam.assassin.prefs.conf:

    uri IE_VULN /%([01][0-9a-f]|7f).*@/i
    score IE_VULN 100.0
    describe IE_VULN Internet Explorer vulnerability

and then restart MailScanner.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
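
Added example, not part of the original message: a Python check that runs the pattern from the message over constructed URIs, so the effect of the rule can be seen before it is deployed with a score of 100. The sample URIs, the function names and the narrower `userinfo_hits` comparison are assumptions made for illustration; Python's `re` stands in for SpamAssassin's Perl regex engine, which handles this simple pattern the same way.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as given in the message; Perl's /i becomes re.IGNORECASE.
IE_VULN = re.compile(r"%([01][0-9a-f]|7f).*@", re.IGNORECASE)

# Assumption (not from the message): a percent-encoded control character,
# used below to look only at the userinfo part in front of the host.
CONTROL_ESC = re.compile(r"%(?:[01][0-9a-f]|7f)", re.IGNORECASE)

# Constructed sample URIs (documentation domains and addresses only).
SAMPLES = [
    "http://www.example.com%01@192.0.2.10/login",   # control escape before '@'
    "http://www.example.com%7F@192.0.2.10/",        # upper-case hex digits
    "http://shop.example.com/cart?item=%20blue&id=42",  # %20 is not a control
    "http://shop.example.com/search?q=%0Afoo&email=user@example.org",
    "http://user@example.org/",                     # userinfo, no control escape
    "http://example.org/a@b%01",                    # escape comes after the '@'
]

def rule_hits(uri):
    """True if the IE_VULN pattern from the message matches the URI."""
    return IE_VULN.search(uri) is not None

def userinfo_hits(uri):
    """True only if a control escape sits in the userinfo before the host."""
    userinfo, sep, _host = urlsplit(uri).netloc.rpartition("@")
    return bool(sep) and CONTROL_ESC.search(userinfo) is not None

def classify(uris=SAMPLES):
    """Map each URI to (rule_hits, userinfo_hits)."""
    return {u: (rule_hits(u), userinfo_hits(u)) for u in uris}

if __name__ == "__main__":
    for uri, (rule, narrow) in classify().items():
        print(f"IE_VULN={rule!s:5} userinfo={narrow!s:5} {uri}")
```

The fourth sample shows that the rule as written also fires when the control escape is in the query string and an `@` appears later in the URI, which matters with a score of 100.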