Thomas,
I searched for the email that caused me to send email about:
> href=3D
> 。
I could not find the message. Also, I set up a a test rig with ASSP
version 2.1.2(12068) and fed it real messages with example coding. ASSP
caught each one and processed appropriately.
Test messages were not double encoded. I have never seen the issue
double encoded.
Sorry for the confusion.
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)
On 3/13/2012 3:34 AM, Thomas Eckardt wrote:
> Both encodings are detected and decoded by assp.
>
> If you see both strings after '$data = decHTMLent($data);'
>
> href=3D
> 。
>
> they must be double encoded in the original source - something like:
>
> &#12290
> or
> &#%31%32=32%39=30.
>
> If this is the case - IMHO these stings should not be shown as an URL in
> the mail client.
>
> Thomas please could you check this for me - thank you.
>
> Thomas
>
>
>
>
> Von: Michael Thomas<m...@mathbox.com>
> An: ASSP development mailing list<assp-test@lists.sourceforge.net>
> Datum: 11.03.2012 19:27
> Betreff: Re: [Assp-test] Antwort: Re: Antwort: URI Scanning fixes
>
>
>
> Thomas,
>
> I am using ASSP version 2.1.2(12068). AFAIK that is the latest. The
> issue exists in ASSP version 2.1.2(12068).
>
> Michael Thomas
> Mathbox
> 978-687-3300
> Toll Free: 1-877-MATHBOX (1-877-628-4269)
>
> On 3/11/2012 1:40 PM, Thomas Eckardt wrote:
>>> but I use $AddURIS2MyHeader,
>>
>>> Without those two lines, ASSP never sees the example URI as URI. ASSP
>> skips over them.
>>
>> Do you use the latest version - this was changed in any of the latest
>> versions.
>>
>>> $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo; #
>>> decode percents
>>> $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo; #
>> decode
>>> &#ddd's
>>> $uri =~
>>> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio; #
> decode
>>> &#xHHHH's
>>>
>>
>>
>> Thomas
>>
>>
>>
>>
>>
>> Von: Michael Thomas<m...@mathbox.com>
>> An: ASSP development mailing list<assp-test@lists.sourceforge.net>
>> Datum: 11.03.2012 18:28
>> Betreff: Re: [Assp-test] Antwort: URI Scanning fixes
>>
>>
>>
>> Thomas,
>>
>> If you insist, but I use $AddURIS2MyHeader, so I see a list of all URI
>> discovered by ASSP. I downloaded ASSP version 2.1.2(12068) and installed
>> it. When I discovered spam getting through, I examined the spam and
>> realized I had forgotten to add those two lines.
>>
>> Without those two lines, ASSP never sees the example URI as URI. ASSP
>> skips over them.
>>
>> With those two lines added, ASSP sees the URI as URI and adds them to
>> the URI list. Further, if the URI are blacklisted, ASSP acts
>> appropriately. Without those two lines, ASSP does not act on the
>> offending URI.
>>
>> Variant #1 - "href=3D"
>> In Variant #1, the hex code is not in the URI. The hex code is in the
>> HTML anchor syntax.
>> Hotmail Example
>> ---------------------------
>> <a href=3D"http://chesapeakeluxurydays=
>> pa.com/flash.php">http://chesapeakeluxurydayspa.com/flash.php</a>=0A=
>> <br>=0A=
>> =0A=
>> <br> <br> <br> <br> <br> <br> <br>=0A=
>> ---------------------------
>>
>> Variant #2 - "。"
>> I do not know why ASSP misses this one, but it does.
>>
>> I see these variants from Hotmail and Yahoo all the time.
>>
>> Michael Thomas
>> Mathbox
>> 978-687-3300
>> Toll Free: 1-877-MATHBOX (1-877-628-4269)
>>
>> On 3/11/2012 5:06 AM, Thomas Eckardt wrote:
>>> This is not needed
>>>
>>> - assp decodes all MIME encodings in&cleanMIMEBody2UTF8($bd).
>>>
>>> - assp decodes all HTML encodings in
>>> $data = decHTMLent($data);.
>>> and
>>> $uri =~ s/\%([a-f0-9]{2})/chr(hex($1))/gieo; #
>>> decode percents
>>> $uri =~ s/\&\#(\d+)\;?/decHTMLentHD($1)/geo; #
>> decode
>>> &#ddd's
>>> $uri =~
>>> s/\&\#x((?:[a-f0-9]{2})+)\;?/decHTMLentHD($1,'h')/geio; #
> decode
>>> &#xHHHH's
>>>
>>>
>>>
>>> Thomas
>>>
>>>
>>>
>>>
>>> Von: Michael Thomas<m...@mathbox.com>
>>> An: ASSP development mailing list<assp-test@lists.sourceforge.net>
>>> Datum: 10.03.2012 20:21
>>> Betreff: [Assp-test] URI Scanning fixes
>>>
>>>
>>>
>>> Thomas,
>>>
>>> In sub URIBLok_Run I made the following modifications to handle two URI
>>> variants:
>>>
>>> Variant 1: href=3d"http://...
>>> Variant 2: http://somename。com
>>>
>>>
>>> my $data =&cleanMIMEBody2UTF8($bd);
>>> $data =~ s/\=(?:\015?\012|\015)//go;
>>> # MIKE
>>> $data =~ s/href\=3[dD]/href\=/go;
>>> $data =~ s/\&\#12290\;/./go;
>>> # End MIKE
>>> $data = decHTMLent($data);
>>>
>>>
>>>
>>>
>>>
>>>
>>
> ------------------------------------------------------------------------------
>>> Virtualization& Cloud Management Using Capacity Planning
>>> Cloud computing makes use of virtualization - but cloud computing
>>> also focuses on allowing computing to be delivered as a service.
>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>>
>>>
>>>
>>> _______________________________________________
>>> Assp-test mailing list
>>> Assp-test@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
> ------------------------------------------------------------------------------
>> Virtualization& Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential,
> legally
>> privileged and protected in law and are intended solely for the use of
> the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> *******************************************************
>>
>>
>>
>>
>>
>>
> ------------------------------------------------------------------------------
>> Virtualization& Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>
>>
>>
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
> ------------------------------------------------------------------------------
> Virtualization& Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
>
>
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
