From 62b68d363a7e71ba69aa4526204e38dabd508dfb Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 6 Feb 2025 14:56:56 +0100
Subject: [PATCH] Remove the obsolete ie-exploits filter

It doesn't actually reliably protect against Nimda, there never
were active maintainers and IE is obsolete anyway.

Also some virus scanners seem to be offended by the test case
for the filter in the source tarball.
---
 tests/cts/content-filters/data/test33 | 99 ---------------------------
 1 file changed, 99 deletions(-)
 delete mode 100644 tests/cts/content-filters/data/test33

diff --git a/tests/cts/content-filters/data/test33 b/tests/cts/content-filters/data/test33
deleted file mode 100644
index f1dc0db4..00000000
--- a/tests/cts/content-filters/data/test33
+++ /dev/null
@@ -1,99 +0,0 @@
-<testcase>
-<info>
-<keywords>
-HTTP
-HTTP GET
-filter ie-exploits
-</keywords>
-</info>
-
-<reply>
-<data>
-HTTP/1.1 200 OK
-Date: Thu, 22 Jul 2010 11:22:33 GMT
-Connection: close
-Content-Type: text/html
-X-Control: swsclose
-
-# Here are some strings the ie-exploits filter should filter:
-
-# pcrs command 1:
-
-f("javascript:location.replace('mk:@MSITStore:C:')");
-
-# pcrs command 2:
-
-<a href="http://www.example.org/%hex[%01]hex%@blafasel">
-<a href="http://www.example.org/%hex[%02]hex%@blafasel">
-<a href="http://www.example.org/%hex[%03]hex%@blafasel">
-
-<a href="http://www.example.org/%00@blafasel">
-<a href="http://www.example.org/%01@blafasel">
-<a href="http://www.example.org/%02@blafasel">
-
-# pcrs command 3:
-
-<script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
-<script language="JavaScript">1;''.concat("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
-</data>
-</reply>
-
-<proxy-reply>
-<data>
-HTTP/1.1 200 OK
-Date: Thu, 22 Jul 2010 11:22:33 GMT
-Connection: close
-Content-Type: text/html
-X-Control: swsclose
-Content-Length: 890
-
-# Here are some strings the ie-exploits filter should filter:
-
-# pcrs command 1:
-
-alert("This page looks like it tries to use a vulnerability described here:
- http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2");
-
-# pcrs command 2:
-
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-
-# pcrs command 3:
-
-<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
-<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
-</data>
-</proxy-reply>
-
-<client>
-<server>
-http
-</server>
-<name>
-+filter{ie-exploits}
-</name>
-<features>
-proxy
-</features>
-<command>
-http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER
-</command>
-</client>
-
-<verify>
-<protocol>
-GET /ie-exploits/%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-User-Agent: curl/%VERSION
-Accept: */*
-Connection: close
-
-</protocol>
-</verify>
-</testcase>
-- 
2.49.0