At 7:20 AM -0700 3/18/09, Dennis Peterson wrote: >Erwan David wrote: >> On Wed, Mar 18, 2009 at 01:55:14PM CET, Dennis >>Peterson <denni...@inetnw.com> said: >>> Moray Henderson (ICT) wrote: >>>>> From: Török Edwin [mailto:edwinto...@gmail.com] >>>>>>> Try using <a href="..."> for the URL. >>>>>>> >>>>>> Is that a requirement? If so we should get the spammers on board because >>>>> some of >>>>>> them may not know this :). >>>>> No, there are more places from where URLs can be extracted, but "<a >>>>> href" is one that must work. >>>> With modern email clients "helpfully" >>>>presenting text that looks like a URL as a >>>>real URL at the client end, SafeBrowsing >>>>really ought to check the plain text, not >>>>just within html tags. >>>>http://pastebin.com/m13232c54 may be just >>>>plain text when transmitted and scanned, but >>>>it's an "<a href>" by the time I read it: >>>>underlined, blue, and turns my cursor to a >>>>pointy finger with a pop-up box saying "Click >>>>to follow link". >>> I don't imagine the world's premier spammers are sitting at their laptop in >>> their shorts sending out thousands of spams >>>with Thunderbird. There are purpose >>> built products for this and can format the mail any way they wish. >>> >> >> What was said is that many MUA, *receiving* a mail with an URL in the >> text will automatically create a link from it. It has bothing to do >> with the sending software. >> >> > >I see - I think we're all recommending that ClamAV detect URL's regardless of >how they're presented in the message. And that will certainly include encoded >URL's and all the HTML tricks that can be used to disguise them from scanning >software. I would not suggest they go so far as >to build in a JavaScript engine >to find those URL's that are intended to be >constructed in the browser or MUA at >rendering time, but it may come to that at some point.
And deal with character encodings prior to rule application.... _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
