filter evasion
John McCain
jmccain at layer3al.com
Thu Nov 6 22:10:05 CET 2003
I'm seeing messages slip through that have the following characteristics:
sp</ham>am
Which tokenize as:
sp
ham
am
Previously, this sort of thing was done with html comments:
sp<!--ham-->am
Which would tokenize (in .15.8) as:
spam
What can be done about this? I personally don't think it would be a great
loss to simply ingore all html closing tags. I can't think of any other HTML
evil which could be perpetrated to do this any other sort of way without
seriously disrupting the text.
More information about the Bogofilter
mailing list