The Un-Official Proxomitron Forum / Proxomitron Filters / FIP / Remove Obfuscated Code [20081221b]


Post Reply 
Remove Obfuscated Code [20081221b]
Dec. 19, 2008, 02:41 PM
Post: #8
DarthTrader Offline
Member
*
 		Posts: 68
Joined: Aug 2008
RE: Remove Obfuscated Code [20081216]
Here is a modified version (please don't laugh!)
Code:
[Patterns]
Name = "<script>: Remove Obfuscated Code [20081219]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js)|$TYPE(vbs))"
Bounds = "$NEST(<script,</script*>)"
Limit = 4096
Match = "*(\\[#000:255])+{15}*"
        "|*((%|\\x)\0([a-f]|[0-9])([a-f]|[0-9]))+{15}*"
        "|*(((%|\\)u)\0([a-f]|[0-9])([a-f]|[0-9])([a-f]|[0-9])([a-f]|[0-9]))+{15}*"
        "|*[^_a-Z0-9]eval \( ((([_a-Z0-9]+)(\+|))+{3,*}*)"
Replace = "$ALERT(Obfuscated code detected and removed from:\r\n\r\n\u\r\n\r\n)"

Comments and corrections welcome!
DarthTrader
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
Remove Obfuscated Code [20081221b] - Kye-U - Dec. 17, 2008, 03:30 AM
RE: Remove Obfuscated Code [20081216] - Kye-U - Dec. 17, 2008, 06:11 PM
RE: Remove Obfuscated Code [20081216] - DarthTrader - Dec. 19, 2008 02:41 PM
RE: Remove Obfuscated Code [20081216] - z12 - Dec. 20, 2008, 12:53 PM
RE: Remove Obfuscated Code [20081216] - Kye-U - Dec. 20, 2008, 07:06 PM
RE: Remove Obfuscated Code [20081220a] - Kye-U - Dec. 20, 2008, 10:34 PM
RE: Remove Obfuscated Code [20081220a] - Kye-U - Dec. 20, 2008, 11:05 PM
RE: Remove Obfuscated Code [20081220b] - z12 - Dec. 21, 2008, 12:50 AM
RE: Remove Obfuscated Code [20081220b] - Kye-U - Dec. 21, 2008, 03:28 AM
RE: Remove Obfuscated Code [20081221b] - Kye-U - Dec. 21, 2008, 08:32 PM
RE: Remove Obfuscated Code [20081221b] - Kye-U - Dec. 22, 2008, 03:39 AM
RE: Remove Obfuscated Code [20081221b] - z12 - Dec. 22, 2008, 10:58 AM

Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication