On Dec 6, 2018, at 12:14 PM, John Hardin <jhar...@impsec.org> wrote:
>
> Runaway backtracking that was killing masscheck for several people.
Hrm, that is disconcerting. I'm not sure where any backtracking might be
occurring...
Can anyone help improve this suggested rule?
rawbody AC_HTML_ENTITY_BONANZA_NEW
(?:(?:\w|\s|[.,!?:'"()$])*(?:&(?:[A-Za-z0-9]{2,}|#(?:[0-9]{2,5}|x[0-9A-F]{2,4}));\s*)+){10,}
describe AC_HTML_ENTITY_BONANZA_NEW Lots of HTML entities, possibly
interspersed within words
I don't see where there is backtracking, and I tested this on spamples prior to
suggesting it... but clearly I must have missed something. Any help is
appreciated.
(John: is it worth sandboxing the other proposed ZW rule,
AC_HTML_ZEROWIDTH_BONANZA, or would that be duplicated by the unicode ZW
obfuscation rules? (The difference is that this is a rawbody rule.)
Thanks!
--- Amir
