On Sun, 2004-04-25 at 12:51, Bjarni R. Einarsson wrote:

> I haven't looked at the code recently, but if I recall it would only require
> a very minor change to the tables in HTMLCleaner.pm to implement this, and
> it may in fact already be implemented in the cleaner's "paranoid" mode. The
> obvious strategy is to simply tell the cleaner to defang URLs ending in

I'm running sanitizer 1.66 (Debian testing package), and I tried with
both feat_paranoid and feat_webbugs active... the sanitizer defangs the
safe <IMG SRC> tags, but lets an <A HREF="http://somesite/scam.exe"> through.

> Unfortunately, there's no way to tell from the URL alone whether fetching it
> will actually cause the browser to download an executable or whether it will
> simply invoke a CGI which will send html, text or an image.
>
> Also, this sort of sanitization WILL cause problems with legitimate web
> sites. Some sites, including some pretty big and respectable companies, use
> the .exe ending on their server-side CGI scripts. Also, there's no reason
> the scam mails have to use .exe in their URLs - they could simply point to a
> generic URL - even one ending in .html or .gif - which would then redirect
> the browser to a .exe download.

Yes, I'm aware of this... those respectable sites that have links ending
in .exe, if they send mail with links, they're not so respectable.
Knowing that a scam URL doesn't really need to have the .exe on this
end, this solution is really a half-solution, because we can't test the
content-type of the link, but the majority of scams I've seen use .exe.

> For this reason defanging like this isn't enabled by default, it's not
> likely to work well and will break legitimate URLs. However, if the scam
> mails are using simple, easy to block URLs, then it may be worth the effort
> to try anyway... I haven't much experience with these messages, so I'd be
> interested in hearing people's opinions on this.

Here in Brazil, this thing is getting very common; after people learned
that forged emails from bank enterprises were really forged, the scammers
are trying to get people using fake web postcards, fake links to forms
to participate in popular reality shows, and it's growing day by day...
On the ISPs that are my customers, we want to offer this as an
opt-in resource for the end users.

I'm not a good Perl coder, so, if somebody snips some code here, I can
paste it into the sanitizer code... can anybody help me?

-- 
Claudemir Todo Bom
email@example.com
http://www.wiredway.com.br/~allgood
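As an added example (not code from this thread or from the Anomy Sanitizer), here is a standalone Perl snippet that does what the thread proposes: defang <A HREF> links whose URL path ends in .exe, checking the path only (query string and fragment stripped, case-insensitive). The function names and the "DEFANGED:" prefix are this example's own choices, and it does not touch HTMLCleaner.pm's rule tables; the constructed sample input includes both caveats raised above, a legitimate .exe CGI that gets defanged anyway and a .html link that would redirect and is not caught.

```perl
#!/usr/bin/perl
# Added example, not Anomy Sanitizer code: defang <a href> links whose URL
# path ends in .exe, as proposed in the thread. Standalone; it does not use
# HTMLCleaner.pm's rule tables. Names below (is_blocked_url, defang_exe_links,
# the DEFANGED: prefix) are this example's own choices.
use strict;
use warnings;

# Only .exe is discussed in the thread; extend the list if you want more.
my @BLOCKED_EXT = qw(exe);

# True if the URL's path part (query string and fragment stripped,
# case-insensitive) ends in one of the blocked extensions.
sub is_blocked_url {
    my ($url) = @_;
    my ($path) = split /[?#]/, $url, 2;
    for my $ext (@BLOCKED_EXT) {
        return 1 if $path =~ /\.\Q$ext\E\z/i;
    }
    return 0;
}

# Rewrite the href of every <a ...> tag that points at a blocked URL by
# prefixing it with "DEFANGED:", an unknown scheme the browser will not fetch.
# Link text and the rest of the tag are left untouched.
sub defang_exe_links {
    my ($html) = @_;
    $html =~ s{(<a\b[^>]*?\bhref\s*=\s*)(["']?)([^"'\s>]+)\2}{
        my ($pre, $q, $url) = ($1, $2, $3);
        $pre . $q . (is_blocked_url($url) ? "DEFANGED:" : "") . $url . $q
    }gie;
    return $html;
}

# Constructed sample input (not from a real scam message). The last two links
# show the thread's caveats: a legitimate CGI named .exe is defanged too
# (false positive), and a .html link that later redirects to a download is
# not caught at all.
my $sample = <<'HTML';
<p><a href="http://somesite/scam.exe">Your postcard</a></p>
<p><a href='HTTP://somesite/card.EXE?id=42#x'>Your postcard</a></p>
<p><a href="http://bigcorp.example/search.exe?q=test">Search</a></p>
<p><a href="http://somesite/card.html">Your postcard</a></p>
HTML

print defang_exe_links($sample);
```

Run it as a script to see the first three links rewritten and the fourth left alone; to use it in the sanitizer you would still have to wire the check into the HTMLCleaner.pm tables, which this snippet does not do.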