blocking %00 / %01 exploits with mailscanner?

Julian Field mailscanner at
Mon Jan 19 21:09:57 GMT 2004

At 20:52 19/01/2004, you wrote:
>Is there a way to get mailscanner to block %00 / %01 uri exploits in the
>body of mails the same way mailscanner can block iframe exploits in the body?
>I want to drop these mails into /dev/null hard, i'd like mailscanner to do
>it, not procmail.

The current best solution is to create a SpamAssassin rule which catches
these and assigns a score of 100. Then set the SA high score threshold to
100 and delete high-scoring spam.
Works a treat.

You can create the rule by adding this to your spam.assassin.prefs.conf file:
uri     IE_VULN                 /https?:\/\/.*%([01][0-9a-f]|7f).*@/i
score   IE_VULN                 100.0
describe        IE_VULN         Internet Explorer vulnerability

Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list