What's that?
Pavel Kankovsky
peak at argo.troja.mff.cuni.cz
Sun Sep 12 00:02:43 CEST 2004
On Tue, 7 Sep 2004, Tom Anderson wrote:
> Careful about /dev/null'ing JScript.Encode... it's a Microsoft
> proprietary technology, [...]
And this is a good and sufficient reason to stop it before it spreads
like a contagious disease.
Moreover, I do not think anyone has a legitimate reason to obfuscate
(obfuscation is not encryption) email contents. Either the recipient is
intended to see it, then there is no point in obfuscation, or the
recipient is not intended to see, and then it should not be sent in
the first place.
JScript.Encode is good for spammers and malware. And perhaps for MS with
its delusions of world domination. It is bad for anyone else.
> It'd be better to decode it and treat it the same way as regular
> javascript is currently.
Well, JS is just another level of obfuscation. There is no reliable way to
determine what the real visible contents of "JS-enabled HTML" is short of
running the code in question.
Javascript in email is good for spammers and malware. Etc. See above.
So, yes, Bogofilter should treat JScript.Encode and regular Javascript the
same way (more or less). It should recognize their presence and be able to
recognize them as strong spam indicators.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
More information about the Bogofilter
mailing list