[Mimedefang] Browser Bug: Very bad in IE and varies on Netscape and Mozilla

Lucas Albers admin at cs.montana.edu
Sat Dec 27 04:11:00 EST 2003


scuba at centroin.com.br said:
> Hi,
>
>         Looking at my logs I realized that this URI is matched with the SA
> rule in 20_uri_tests.cf:
>
> uri HTTP_ESCAPED_HOST  /^https?\:\/\/[^\/\s]*%[0-9a-fA-F][0-9a-fA-F]/
> describe HTTP_ESCAPED_HOST        Uses %-escapes inside a URL's hostname
>
>         Isn't it just a case of increasing the score?
>
McAfee already detects this as a virus, as a urlspoof variant,
if you have it set to detect trojans and other variants.

I'm sure all the other virus vendors detect it, so we should not have to do
anything to be protected.

Your regular expression for this one can be more specific, as you need at
least two domains (the real domain and the spoof domain), and an @ and a :
character.
So you could make a very specific regular expression to match this.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
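
The narrowing suggested in the reply above, as an added example (not code from the list or from SpamAssassin): it runs the quoted HTTP_ESCAPED_HOST pattern next to a stricter check that requires a hostname-looking userinfo containing a %-escape, then an '@', then a second host. The `classify` function, the stricter check and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The SpamAssassin rule quoted in the thread, as a Python regex.
HTTP_ESCAPED_HOST = re.compile(r"^https?://[^/\s]*%[0-9a-fA-F][0-9a-fA-F]")

# Building blocks for the hypothetical narrower check (not an SA rule).
ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")
HOSTLIKE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def classify(url):
    """Return (broad_hit, narrow_hit, displayed_host, real_host).

    broad_hit  : the quoted HTTP_ESCAPED_HOST pattern matches.
    narrow_hit : the text before '@' looks like a hostname and carries a
                 %-escape, and a different host follows the '@'.
    """
    broad = bool(HTTP_ESCAPED_HOST.match(url))
    parts = urlsplit(url)
    authority = parts.netloc
    if "@" not in authority:
        return broad, False, None, authority or None
    # Everything before the last '@' is userinfo; the rest is the real host.
    userinfo, real_host = authority.rsplit("@", 1)
    shown = HOSTLIKE.match(userinfo)
    narrow = (
        parts.scheme in ("http", "https")
        and shown is not None
        and bool(ESCAPE.search(userinfo))
        and bool(real_host)
    )
    return broad, narrow, shown.group(0) if shown else None, real_host


# Constructed sample URLs (reserved example names and addresses).
SAMPLES = [
    "http://www.trusted.example%01@203.0.113.5/login",  # both checks hit
    "http://caf%C3%A9.example/",       # escaped host, no '@': broad only
    "http://user:pw@intranet.example/",  # plain credentials: neither
    "http://www.example.com/a%20b",      # escape in path only: neither
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

The second sample shows why the reply asks for a more specific expression: the broad rule fires on any escaped byte in the authority, while the narrow check only fires when a displayed host and a real host are both present.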


