[rt-users] defanging URLs in incoming e-mails?
Riggle, Kevin
kriggle at akamai.com
Wed May 29 15:04:21 EDT 2013
On 2013-5-29 8:56 AM, "Ruslan Zakirov" <ruz at bestpractical.com> wrote:
>On Wed, May 29, 2013 at 3:41 AM, Thomas Sibley <trs at bestpractical.com>
>wrote:
>
>On 05/28/2013 03:58 PM, Riggle, Kevin wrote:
>> It looks like RT's MailPlugins are only for go/no-go filtering and
>> authentication, and aren't intended to be used to modify the body of the
>> message before it is made into a transaction. (Or will changes to the
>> MIME::Entity be honored?)
>
>
>MailPlugins which are "ApplyBeforeDecode" can completely alter the
>MIME::Entity, I believe. Start reading the code in
>RT::Interface::Email::Gateway().
>
>
>
>Either step can adjust MIME::Entity and actually ApplyBeforeDecode is not
>the right place. This stage is for plugins that want access to mail as it
>was including content transfer encoding.
>
>What kind of defanging do you want to achieve?
Approximately s#http://malicious.example.com/foo/bar#hXXp :// malicious
[.] example [.] com / foo / bar#, over the entire message. (I'll actually
build it with Regexp::Common::URI, of course.)
- Kevin
More information about the rt-users
mailing list