lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100104145333.GA17598@pargua.nissui.cl>
Date: Mon, 4 Jan 2010 11:53:33 -0300
From: Eduardo Romero <edo@....cl>
To: bugtraq@...urityfocus.com
Subject: Y2K10 spamassassin bug, 2010 year mails discared as spam

Hi,

Please review your spamassassin rules, the FH_DATE_PAST_20XX rule marks the
2010 mails as spam with 3.6 points app, the workaround possible are:

.- file /usr/share/spamassassin/72_active.cf

replace :

header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/ [if-unset: 2006]

by:

header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]


.- add score 0 to this rule at /usr/share/spamassassin/50_scores.cf

replace:
score FH_DATE_PAST_20XX 2.075 3.384 3.554 3.188 # n=2by:

by:
score FH_DATE_PAST_20XX 0



The 'sa-update' options not always works for me.

Regards
Edo.


Info header at http://spamassassin.apache.org/

Y2K10 Rule Bug - Update Your Rules Now!

    2010-01-01:

    Versions of the FH_DATE_PAST_20XX rule released with versions of Apache
SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header
that includes the year 2010 or later.  The rule will add a score of up to
3.6 towards the spam classification of all email.  You should take
corrective action immediately; there are two easy ways to correct the
problem: 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ