From 62b68d363a7e71ba69aa4526204e38dabd508dfb Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 6 Feb 2025 14:56:56 +0100 Subject: [PATCH] Remove the obsolete ie-exploits filter It doesn't actually reliably protect against Nimda, there never were active maintainers and IE is obsolete anyway. Also some virus scanners seem to be offended by the test case for the filter in the source tarball. --- tests/cts/content-filters/data/test33 | 99 --------------------------- 1 file changed, 99 deletions(-) delete mode 100644 tests/cts/content-filters/data/test33 diff --git a/tests/cts/content-filters/data/test33 b/tests/cts/content-filters/data/test33 deleted file mode 100644 index f1dc0db4..00000000 --- a/tests/cts/content-filters/data/test33 +++ /dev/null @@ -1,99 +0,0 @@ - - - -HTTP -HTTP GET -filter ie-exploits - - - - - -HTTP/1.1 200 OK -Date: Thu, 22 Jul 2010 11:22:33 GMT -Connection: close -Content-Type: text/html -X-Control: swsclose - -# Here are some strings the ie-exploits filter should filter: - -# pcrs command 1: - -f("javascript:location.replace('mk:@MSITStore:C:')"); - -# pcrs command 2: - - - - - - - - - -# pcrs command 3: - - - - - - - - -HTTP/1.1 200 OK -Date: Thu, 22 Jul 2010 11:22:33 GMT -Connection: close -Content-Type: text/html -X-Control: swsclose -Content-Length: 890 - -# Here are some strings the ie-exploits filter should filter: - -# pcrs command 1: - -alert("This page looks like it tries to use a vulnerability described here: - http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"); - -# pcrs command 2: - - - - - - - - - -# pcrs command 3: - -
WARNING: This Server is infected with Nimda! -
WARNING: This Server is infected with Nimda! - - - - - -http - - -+filter{ie-exploits} - - -proxy - - -http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER - - - - - -GET /ie-exploits/%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -User-Agent: curl/%VERSION -Accept: */* -Connection: close - - - - -- 2.49.0