Internet Explorer URL Display problem

Ken Anderson ka at PACIFIC.NET
Mon Dec 15 18:46:30 GMT 2003 

Seeing a false positive from a weatherbug spam using this re.
 > /%([01][0-9a-f]|7f).*@/i

It's coming from this mailto link:

mailto:community at isabel.weatherbug.com?Subject=Photo%20Submission&Body=Step%201%20-%20Safely%20take%20photos%20you%27d%20like%20to%2
0share%20with%20the%20community%20before%2C%20during%20or%20after%20the%20storm.%0D%0A%0D%0AStep%202%20-%20Send%20this%20email%20wit
h%20your%20photos%20attached%20to%3A%20community at isabel.weatherbug.com

Any ideas?

Thanks,
Ken A.
Pacific.Net







Julian Field wrote:

> At 17:29 12/12/2003, you wrote:
>
>> At 17:09 12/12/2003, you wrote:
>>
>>> On Fri, 2003-12-12 at 03:47, Randal, Phil wrote:
>>> > RFC 2396 (http://www.faqs.org/rfcs/rfc2396.html) generalises URIs.
>>>
>>> I only skimmed the spec. But what I gathered, unless I completely
>>> misunderstood the document is that characters from %00 through %1F
>>> inclusive and %7F are control characters and shouldn't be in a URI.
>>>
>>>    Although they are disallowed within the URI syntax, we include here a
>>>    description of those US-ASCII characters that have been excluded and
>>>    the reasons for their exclusion.
>>>
>>>    The control characters in the US-ASCII coded character set are not
>>>    used within a URI, both because they are non-printable and because
>>>    they are likely to be misinterpreted by some control mechanisms.
>>>
>>>    control     = <US-ASCII coded characters 00-1F and 7F hexadecimal>
>>>
>>> So how much trouble would we cause if we just disallowed the entire
>>> range of control characters from URIs? Can anyone think of a real
>>> website
>>> that legitimately uses any of these control codes within their URIs? I'm
>>> particularly concerned about shopping sites with their massive URIs.
>>
>>
>> Sounds good to me.
>
>
> The pattern for matching this is therefore
>
> /%([01][0-9a-f]|7f).*@/i
>
> so add this to spam.assassin.prefs.conf:
>
> uri     IE_VULN                 /%([01][0-9a-f]|7f).*@/i
> score   IE_VULN                 100.0
> describe        IE_VULN         Internet Explorer vulnerability
>
> and then restart MailScanner.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>

More information about the MailScanner mailing list