On Wed, June 19, 2013 3:47 pm, Axb wrote:
> SA's URIBL plugin doesn't and shouldn't look in the alt attribute.

Why not, exactly?  I wouldn't look at it for _all_ img tags, only for ones
that are clearly MailScanner-munged.  That is, one would look for the
patterns that MailScanner uses for munging, and if detected, pull out the
original URI from the alt attribute.  I admit to being new to the SA game
but I'm not understanding why that "shouldn't" happen, i.e. why it's bad,
against form, insecure, etc.

Now, MailScanner's munging format is, IIRC, user-configurable.  Therefore,
there may not be a fully universal munged format (although there is
certainly a "default" format).  So, one way to glue this to MailScanner is
to have SA load the MailScanner config, figure out what the munged format
is from that, and use that as the rule for whether or not to look in the
alt attribute.  If MailScanner is not installed or one does not want to
glue them together, then one would use the default format.  And, of
course, this could be completely user-toggleable, i.e. one could choose
whether to unmunge MailScanner tags, or leave them as-is (i.e. what
currently happens).

Also, I should clarify that I wasn't advocating for a modification to the
URIBL plugin, but rather the creation of a NEW plugin that would unmunge
MailScanner URIs.  This plugin would pre-process the mail prior to the
URIBL and Bayes analysis, to return the mail to its "original" state
before MailScanner munged it.  If that's not possible due to how SA
plugins work (i.e. if you can't specify the order of plugins being run)
then it could simply run alongside URIBL as a "MailScanner-unmunged URIBL"
...

In any case, I guess I don't see why this isn't possible or not
recommended.  I only see that nobody has done it, but I don't see that it
shouldn't be done.

Cheers.

                                                --- Amir
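
The unmunging step proposed in the message above, sketched as an added example; it is not code from the original post, from SpamAssassin or from MailScanner. The replacement image URL, the alt-text pattern and the names `unmunge_uris` and `_MungedImgCollector` are assumptions made for illustration, standing in for whatever format the MailScanner configuration actually defines.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-ins for the munged format; a real deployment would read
# these from the MailScanner configuration, as the message proposes.
DEFAULT_MUNGED_SRC = "https://mailscanner.example/blank.gif"
DEFAULT_ALT_PATTERN = r"^Web Bug from (\S+)$"


class _MungedImgCollector(HTMLParser):
    def __init__(self, munged_src, alt_re):
        super().__init__(convert_charrefs=True)
        self.munged_src, self.alt_re, self.uris = munged_src, alt_re, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Inspect only tags carrying the munged src; the alt text of an
        # ordinary <img> is never treated as a URI.
        if tag != "img" or a.get("src") != self.munged_src:
            return
        m = self.alt_re.match(a.get("alt") or "")
        if not m:
            return
        try:
            parts = urlsplit(m.group(1))
        except ValueError:   # malformed URI text in alt
            return
        # Keep only absolute http(s) URIs, since alt is sender-controlled text.
        if parts.scheme in ("http", "https") and parts.netloc:
            self.uris.append(m.group(1))


def unmunge_uris(html, enabled=True, munged_src=DEFAULT_MUNGED_SRC,
                 alt_pattern=DEFAULT_ALT_PATTERN):
    """Return original URIs recovered from munged <img> tags, in order."""
    if not enabled:          # toggle: leave munged tags as-is
        return []
    collector = _MungedImgCollector(munged_src, re.compile(alt_pattern))
    collector.feed(html)
    collector.close()
    return collector.uris


# Constructed sample: one munged tag, one ordinary image with a URL in alt.
SAMPLE = (
    '<p>Hi</p><img src="https://mailscanner.example/blank.gif" width="1" '
    'alt="Web Bug from http://tracker.example/p.gif?id=1&amp;u=2">'
    '<img src="http://cdn.example/logo.png" alt="see http://cdn.example/">'
)
```

The recovered list is what a separate plugin would hand to the URIBL lookup; the second image in the sample is ignored because its `src` does not match the munged format.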
