MS 4.59.4-1: phishing filter: tags inside links
Juan Pablo Salazar Bertín
snifer_ at hotmail.com
Mon Apr 30 03:54:10 IST 2007
In MailScanner 4.59.4-1, if someone sends us a link like this:
<a href=http://www.somesite.tld> <font color=blue> <font size=4> <u>
http://www.somesite.tld </font> </font> </u> </a>
We'll get something like this:
<a href=http://www.somesite.tld> </font> </font> </u> <font color=blue> <font
size=4> <u> http://www.somesite.tld </a>
That's because we're adding opening tags inside link text to $DisarmLinkText,
and instead of adding ending tags to $DisarmLinkText, we're printing them.
I'm not sure if the objective is not to allow tags inside links (why would we
want that?), so in case that's not the objective, I think a possible solution is
that, in file Message.pm, the function DisarmEndtagCallback should use some
output var (like DisarmTagCallback does) and, at the end of the function, use
something like:
    if ($DisarmInsideLink) {
        $DisarmLinkText .= $output;
    } else {
        print $output;
    }
Also, something I noticed is that, at the end of function DisarmTagCallback, the
following is checked:
if ($DisarmInsideLink && ($tagname ne 'a' || !$DisarmPhishing))
but every time $DisarmInsideLink is true, $DisarmPhishing is true also. So
maybe this could be shortened to:
if ($DisarmInsideLink && $tagname ne 'a')
That's all for now. I hope this helps MailScanner development.
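
The reordering described in the message above can be reproduced with a small model. This is an added example, not part of the original post and not MailScanner's Message.pm: disarm() and its regex tokenizer are hypothetical stand-ins for the parser callbacks, and only $DisarmInsideLink and $DisarmLinkText are names taken from the report.

```perl
#!/usr/bin/perl
# Added example: a simplified model of the link-text buffering described
# above. It is not MailScanner's Message.pm; disarm() and the regex
# tokenizer are hypothetical stand-ins for the HTML::Parser callbacks.
use strict;
use warnings;

sub disarm {
    my ($html, $buffer_end_tags) = @_;
    my ($out, $DisarmInsideLink, $DisarmLinkText) = ('', 0, '');

    # Split into tags and text runs (good enough for the sample input).
    for my $tok ($html =~ /(<[^>]*>|[^<]+)/g) {
        if ($tok =~ m{^<a\b}i) {               # <a ...>: start buffering
            $out .= $tok;
            ($DisarmInsideLink, $DisarmLinkText) = (1, '');
        } elsif ($tok =~ m{^</a\s*>}i) {       # </a>: flush buffered link text
            $out .= $DisarmLinkText . $tok;
            ($DisarmInsideLink, $DisarmLinkText) = (0, '');
        } elsif ($tok =~ m{^</}) {             # any other end tag
            if ($DisarmInsideLink && $buffer_end_tags) {
                $DisarmLinkText .= $tok;       # proposed: keep document order
            } else {
                $out .= $tok;                  # reported: emitted immediately
            }
        } elsif ($DisarmInsideLink) {          # start tags and text in a link
            $DisarmLinkText .= $tok;
        } else {
            $out .= $tok;
        }
    }
    return $out;
}

# Constructed sample input, taken from the link in the report.
my $html = '<a href=http://www.somesite.tld> <font color=blue> <font size=4> <u> '
         . 'http://www.somesite.tld </font> </font> </u> </a>';

print "end tags printed:  ", disarm($html, 0), "\n";
print "end tags buffered: ", disarm($html, 1), "\n";
print "round-trips: ", (disarm($html, 1) eq $html ? "yes" : "no"), "\n";
```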