https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6921
Bug ID: 6921
Summary: 'MimeHeader' plugin does not decode mime headers
encoded as per RFC 2047
Product: Spamassassin
Version: 3.3.1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Plugins
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
Refering to ' http://en.wikipedia.org/wiki/MIME' section 'Encoded-Word'
>>Content-Type: text/plain; charset=UTF-8;
>>name="=?UTF-8?B?PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PnRlcy50eHQ=?="
>>Content-Transfer-Encoding: 7bit
>>Content-Disposition: attachment;
>> filename="=?UTF-8?B?PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PnRlcy50eHQ=?="
Sample *.eml is attached.
Here I have encoded the harmful filename '<script>alert(1)</script>tes.txt' to
base64 and added them into the email as it's allowed as per RFC 2047 in email
headers and is a valid form.
This is bypassing the spam rule that I am using as follows:
>>describe SCRIPTED_NAME Attachment name or filename is a script
>>mimeheader __SCRIPTN1 Content-Type =~ /name.*\=.*<script>/
>>mimeheader __SCRIPTN2 Content-Disposition =~ /filename.*\=.*<script>/
>>meta SCRIPTED_NAME (__SCRIPTN1 || __SCRIPTN2)
>>score SCRIPTED_NAME 6.0
'mimeheader' should decode all the suported mime email header formats including
RFC 2047.
--
You are receiving this mail because:
You are the assignee for the bug.
