is a mail filter that uses a wide range of heuristic tests on mail headers and body text to identify "spam" (also known as unsolicited commercial email) incl. Bayesian (statistical) spam filter and several internet-based realtime blacklists.
| OLEVBMacro.pm (Mail-SpamAssassin-3.4.3.tar.bz2) | : | OLEVBMacro.pm (Mail-SpamAssassin-3.4.4.tar.bz2) |
|---|
| | |
| skipping to change at line 98 | | skipping to change at line 98 |
|---|
| our $VERSION = '0.52'; | | our $VERSION = '0.52'; |
| | |
| # https://www.openoffice.org/sc/compdocfileformat.pdf | | # https://www.openoffice.org/sc/compdocfileformat.pdf |
| # http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-conta
ining-macro/ | | # http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-conta
ining-macro/ |
| my $marker1 = "\xd0\xcf\x11\xe0"; | | my $marker1 = "\xd0\xcf\x11\xe0"; |
| my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00"; | | my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00"; |
| # embedded object in rtf files (https://www.biblioscape.com/rtf15_spec.htm) | | # embedded object in rtf files (https://www.biblioscape.com/rtf15_spec.htm) |
| my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62"; | | my $marker3 = "\x5c\x6f\x62\x6a\x65\x6d\x62"; |
| my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74"; | | my $marker4 = "\x5c\x6f\x62\x6a\x64\x61\x74"; |
| my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74"; | | my $marker5 = "\x5c\x20\x6f\x62\x6a\x64\x61\x74"; |
|
| | # Excel .xlsx encrypted package, thanks to Dan Bagwell for the sample |
| | my $encrypted_marker = "\x45\x00\x6e\x00\x63\x00\x72\x00\x79\x00\x70\x00\x74\x00 |
| | \x65\x00\x64\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x61\x00\x67\x00\x65"; |
| | |
| # this code burps an ugly message if it fails, but that's redirected elsewhere | | # this code burps an ugly message if it fails, but that's redirected elsewhere |
| # AZ_OK is a constant exported by Archive::Zip | | # AZ_OK is a constant exported by Archive::Zip |
| my $az_ok; | | my $az_ok; |
| eval '$az_ok = AZ_OK'; | | eval '$az_ok = AZ_OK'; |
| | |
| # constructor: register the eval rule | | # constructor: register the eval rule |
| sub new { | | sub new { |
| my $class = shift; | | my $class = shift; |
| my $mailsaobject = shift; | | my $mailsaobject = shift; |
| | |
| skipping to change at line 840 | | skipping to change at line 842 |
|---|
| return 1; | | return 1; |
| } | | } |
| if (index($data, "\xfe") == 520) { | | if (index($data, "\xfe") == 520) { |
| return 1; | | return 1; |
| } | | } |
| my $tdata = substr $data, 2000; | | my $tdata = substr $data, 2000; |
| $tdata =~ s/\\0/ /g; | | $tdata =~ s/\\0/ /g; |
| if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) { | | if (index($tdata, "E n c r y p t e d P a c k a g e") > -1) { |
| return 1; | | return 1; |
| } | | } |
|
| | if (index($tdata, $encrypted_marker) > -1) { |
| | return 1; |
| | } |
| } | | } |
| } | | } |
| | |
| sub _is_office_doc { | | sub _is_office_doc { |
| my ($data) = @_; | | my ($data) = @_; |
| if (index($data, $marker1) == 0) { | | if (index($data, $marker1) == 0) { |
| return 1; | | return 1; |
| } | | } |
| } | | } |
| | |
| | | |
| End of changes. 2 change blocks. |
|---|
| 0 lines changed or deleted | | 6 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 