https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186
Bug ID: 8186
Summary: A HREF with "h/" prefix before attribute makes URI
invisible to SA
Product: Spamassassin
Version: 4.0.0
Hardware: PC
OS: Windows 10
Status: NEW
Severity: normal
Priority: P2
Component: spamassassin
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
We are seeing phishing spams using malicious URIs with domains already listed
in URI BLs but SA does not tag the mails despite rules for the URI BLs being
enabled.
Inspecting the HTML we see that in place of <a href="..."> the spammers use <a
h/href="..."> or <a s/href="...">. We confirmed that both the Mozilla
Thunderbird mail client and Google Chrome render such broken HTML as normal
clickable hypertext links so they must be ignoring the "s/" or "h/" part right
before the href= attribute.
This discrepancy between mail client parsing and SA gives spammers a way to
circumvent all URI checking rules in SA.
--
You are receiving this mail because:
You are the assignee for the bug.
