[Esd-l] Sanitizer and SpamAssassin
John D. Hardin
jhardin at impsec.org
Sat Apr 10 09:51:08 PDT 2004
All:
At work I'm now using SpamAssassin along with the sanitizer, and
noticed that the image defanging was interfering with SpamAssassin's
built-in image rules.
So I fiddled around a bit, and now SA treats DEFANGED_IMG as
equivalent to IMG (etc. for the rest of the tags).
Anybody who's running SA 2.63 after the sanitizer is welcome to use
this patch as well. If you're running SA *before* the sanitizer it's
not necessary.
Download it, and cd to wherever the SA files are installed (in my
case, /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/) and then run:
cp HTML.pm HTML.pm.old (always back up!)
patch < SA-Sanitizer.patch
The SA developers don't want to try to deal with a multitude of
possible ways to mangle HTML, so it makes sense that this patch should
be hosted by me.
Patch is available at:
http://www.impsec.org/email-tools/SA-Sanitizer.patch
(and on the mirrors as well)
Not sanitizer related:
I've also written a little perl script that will generate SA rules for
obfuscated words from a word list. You can use it to generate a useful
ruleset by itself, or as a starting point for more complicated rules.
Try it out! I've found it quite handy.
http://www.impsec.org/email-tools/obfusc.pl
As always, comments solicited on both. Enjoy!
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Bush? Kerry? I'm so sick of our elections always being "choose the
lesser of two evils."
-----------------------------------------------------------------------
206 days until the Presidential Election
More information about the esd-l
mailing list