Bug 1835 - http://www.docum.org matched as porn
Summary: http://www.docum.org matched as porn
Status: VERIFIED LATER
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: PC Linux
: P5 normal
Target Milestone: 2.60
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-04-29 01:01 UTC by l.drolez
Modified: 2003-05-30 05:16 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description l.drolez 2003-04-29 01:01:34 UTC 
I receive a ML digest where someone puts in its signature this url:
http://www.docum.org
It's matched with PORN_4 and then, the message is marked as spam.
Comment 1 Daniel Quinlan 2003-04-29 22:31:54 UTC 
I'm almost afraid to check that URL.
Comment 2 Theo Van Dinter 2003-05-19 12:55:32 UTC 
I don't think there's much we can do about this one.  we could have the rule 
avoid 'docum', but then 'documinblah_blah_blah' won't be caught either.
Comment 3 Theo Van Dinter 2003-05-25 20:31:40 UTC 
can't think of a way to bypass that specific url without opening a hole for 
spammers.  sorry. :(
Comment 4 l.drolez 2003-05-30 01:02:53 UTC 
You can add a whitelist where the url http://www.docum.org is matched exactly,
and associate a -2.1 score to it.

This way if spammers want to bypass the test, they need to add an advert for
docum.org !!
Comment 5 Daniel Quinlan 2003-05-30 01:40:58 UTC 
> You can add a whitelist where the url http://www.docum.org is matched exactly,
> and associate a -2.1 score to it.

That's not going to happen.  Just whitelist the list or that person.

I'll try a test rule that avoids the FP that might work well enough to
replace the current rule, but that's it.
Comment 6 Daniel Quinlan 2003-05-30 13:16:44 UTC 
fixed in 2.60-cvs