#
# File : $Source: /cvsroot/ijbswa/current/default.filter,v $
#
-# $Id: default.filter,v 1.11.2.17 2003/12/01 21:58:46 oes Exp $
+# $Id: default.filter,v 1.11.2.18 2003/12/02 11:25:27 oes Exp $
#
# Purpose : Rules to process the content of web pages
#
#
s%f\("javascript:location.replace\('mk:@MSITStore:C:'\)"\);%alert\("This page looks like it tries to use a vulnerability described here:\n http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"\);%siU
+# Address bar spoofing (http://www.secunia.com/advisories/10395/):
+#
+s/(<a[^>]*href[^>]*)(\x01|\x02|\x03|%0[012])/$1MALICIOUS-LINK/ig
+
# Nimda:
#
s%<script language="JavaScript">(window\.open|1;''\.concat)\("readme\.eml", null, "resizable=no,top=6000,left=6000"\)</script>%<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>%g
#
s|(<img [^>]*)onload|$1never|sig
-
##############################################################################
#
# Revisions :
# $Log: default.filter,v $
+# Revision 1.11.2.18 2003/12/02 11:25:27 oes
+# Fixed a line trashed in previous commit
+#
# Revision 1.11.2.17 2003/12/01 21:58:46 oes
# Assorted tuning:
#