Bjarni R. Einarsson wrote:
> Also, this sort of sanitization WILL cause problems with legitimate web
> sites. Some sites, including some pretty big and respectable companies, use
> the .exe ending on their server-side CGI scripts. Also, there's no reason
> the scam mails have to use .exe in their URLs - they could simply point to a
> generic URL - even one ending in .html or .gif - which would then redirect
> the browser to a .exe download.
> For this reason defanging like this isn't enabled by default, it's not
> likely to work well and will break legitimate URLs. However, if the scam
> mails are using simple, easy to block URLs, then it may be worth the effort
> to try anyway... I haven't much experience with these messages, so I'd be
> interested in hearing people's opinions on this.
An important technique in modern scam mails is complex, obfuscated URLs. Asterisk, @,
the recent "0x01 bug" in MSIE, backslash, etc.
Seems to be quite easy for detection and killing? Legitimate URLs shouldn't have all