"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm" between
Mail-SpamAssassin-3.4.3.tar.bz2 and Mail-SpamAssassin-3.4.4-rc1.tar.bz2

About: SpamAssassin is a mail filter that uses a wide range of heuristic tests on mail headers and body text to identify "spam" (also known as unsolicited commercial email), including a Bayesian (statistical) spam filter and several internet-based realtime blacklists. Release candidate.

OLEVBMacro.pm  (Mail-SpamAssassin-3.4.3.tar.bz2):OLEVBMacro.pm  (Mail-SpamAssassin-3.4.4-rc1.tar.bz2)
skipping to change at line 98 skipping to change at line 98
our $VERSION = '0.52'; our $VERSION = '0.52';
# https://www.openoffice.org/sc/compdocfileformat.pdf # https://www.openoffice.org/sc/compdocfileformat.pdf
# http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-conta ining-macro/ # http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-conta ining-macro/
my $marker1 = "\xd0\xcf\x11\xe0"; my $marker1 = "\xd0\xcf\x11\xe0";
my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00"; my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00";
# embedded object in rtf files (https://www.biblioscape.com/rtf15_spec.htm) # embedded object in rtf files (https://www.biblioscape.com/rtf15_spec.htm)
my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62"; my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62";
my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74"; my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74";
my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74"; my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74";
# Excel .xlsx encrypted package, thanks to Dan Bagwell for the sample
my $encrypted_marker = "\x45\x00\x6e\x00\x63\x00\x72\x00\x79\x00\x70\x00\x74\x00
\x65\x00\x64\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x61\x00\x67\x00\x65";
# this code burps an ugly message if it fails, but that's redirected elsewhere # this code burps an ugly message if it fails, but that's redirected elsewhere
# AZ_OK is a constant exported by Archive::Zip # AZ_OK is a constant exported by Archive::Zip
my $az_ok; my $az_ok;
eval '$az_ok = AZ_OK'; eval '$az_ok = AZ_OK';
# constructor: register the eval rule # constructor: register the eval rule
sub new { sub new {
my $class = shift; my $class = shift;
my $mailsaobject = shift; my $mailsaobject = shift;
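Review bot: the new `$encrypted_marker` literal is an opaque run of hex escapes, and its comment only says "Excel .xlsx encrypted package". The bytes spell "EncryptedPackage" in UTF-16LE with the NUL after the final "e" left off. Please say so in the comment (or build the value from the readable string) so the pattern can be checked by eye and is not "corrected" later by someone adding the trailing `\x00`. The naming also departs from the `$marker1` to `$marker5` series declared just above, which is fine if deliberate but worth a word in the comment. Finally, `$VERSION` stays at '0.52' on both sides even though detection behaviour changes; consider bumping it so the plugin version distinguishes the two.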
skipping to change at line 840 skipping to change at line 842
return 1; return 1;
} }
if (index($data, "\xfe") == 520) { if (index($data, "\xfe") == 520) {
return 1; return 1;
} }
my $tdata = substr $data, 2000; my $tdata = substr $data, 2000;
$tdata =~ s/\\0/ /g; $tdata =~ s/\\0/ /g;
if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) { if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) {
return 1; return 1;
} }
if (index($tdata, $encrypted_marker) > -1) {
return 1;
}
} }
} }
sub _is_office_doc { sub _is_office_doc {
my ($data) = @_; my ($data) = @_;
if (index($data, $marker1) == 0) { if (index($data, $marker1) == 0) {
return 1; return 1;
} }
} }
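Review bot: the added `index($tdata, $encrypted_marker)` check searches `$tdata` after the `s/\\0/ /g` substitution, and the two checks now rest on opposite assumptions about what that substitution does. The existing test looks for the space-separated "E n c r y p t e d P a c k a g e", which only makes sense if NUL bytes have been turned into spaces, while the new test needs the NUL bytes still in place. As written, `\\0` in a Perl regex matches a literal backslash followed by "0", not a NUL byte, so the new check can match, but it would silently stop matching if the substitution were ever changed to `\0` or `\x00`. Suggest running the new check against the unmodified bytes (for example a copy of `substr $data, 2000` taken before the substitution) and adding a comment on why the search starts at offset 2000, since a marker that begins earlier than that is not seen by either check.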
 End of changes. 2 change blocks. 
0 lines changed or deleted 6 lines changed or added
