7877 – Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Bug 7877 - Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Summary: Regex rawbody __WORD_INVIS and __FONT_INVIS issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	spamassassin (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 major
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-01-04 15:05 UTC by Marius Stratulat
Modified:	2021-01-04 17:38 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marius Stratulat 2021-01-04 15:05:55 UTC

Hi,

We have identified an issue with __WORD_INVIS and __FONT_INVIS regex on color: transparent.
Due to this current regex, it also matches 'background-color:transparent', we are getting high spam score due to this 6 if both tags.

rawbody   __WORD_INVIS                  /<(?!style)[a-z]+\s[^>]{1,80}(?:font(?:-size)?\s*:\s*(?:0*[01](?:\.\d+)?(?:px|pt|Q|vw|vh|vmin)|0+(?:\.\d+)?(?:cm|mm|in|pc|em|ex|ch|rem|lh|vmax))\s*[;'a-z]|color\s*:\s*transparent\s*[;'])[^>]{0,80}>\w{1,20}</i

  rawbody   __FONT_INVIS                  /<(?!style)[a-z]+\s[^>]{1,80}(?:font(?:-size)?\s*:\s*(?:0*[01](?:\.\d+)?(?:px|pt|Q|vw|vh|vmin)|0+(?:\.\d+)?(?:cm|mm|pc|ch|rem|lh|vmax|%)|0+(?:\.0\d*)(?:em|ex|in))(?:\s[a-z]|\s*[;'])|color\s*:\s*transparent\s*[;'])[^>]{0,80}>\w/i

Comment 1 John Hardin 2021-01-04 16:24:10 UTC

Can you please attach a complete (all message headers intact) email that demonstrates this problem?

Thanks.

Comment 2 Marius Stratulat 2021-01-04 17:19:43 UTC

Hi John,

I cannot attach the complete email due to privacy.
It can be easy reproduce using this example:

<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test1</span></li></ul>
<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test2</span></li></ul>
<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test3</span></li></ul>
<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test4</span></li></ul>
<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test5</span></li></ul>
<span style="background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;">Test6</span></li></ul>

Comment 3 John Hardin 2021-01-04 17:34:22 UTC

Sending        svn/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Transmitting file data .done
Committing transaction...
Committed revision 1885117.

Comment 4 John Hardin 2021-01-04 17:35:01 UTC

Rule discrimination improved

Comment 5 Marius Stratulat 2021-01-04 17:38:37 UTC

Thanks for the quick fix. Have a nice day.