Bug 3470 - Attached JPGs causing rules to see data not in the message.
Summary: Attached JPGs causing rules to see data not in the message.
Status: RESOLVED WORKSFORME
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: 2.63
Hardware: PC Linux
: P5 normal
Target Milestone: 3.1.0
Assignee: SpamAssassin Developer Mailing List
URL: http://web.mit.edu/london/www/914.
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-04 08:53 UTC by Mark London
Modified: 2004-06-04 01:12 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark London 2004-06-04 08:53:24 UTC 
I've had several attached JPGs cause false positives, due to false hits from
OBFUSCATING_COMMENT.  However, he problem appears to be a more general problem,
that rules are seeing data that doesn't exist in the message.   One such example
is in the URL for this bug report.  I ran spamassassin on this file in debug
mode using -D rulesrun=255, and it's reports many __HIGHBITS hits, such as:

debug: Ran body-text regex rule __HIGHBITS ======> got hit: match='C>B4C0CB<B$CC
>'

And the __OBFUSCATING_COMMENT_B rule causes OBFUSCATING_COMMENT to be positive:

debug: Ran body_pattern_hit rule __OBFUSCATING_COMMENT_B ======> got hit: match=
'/<!pvIm<#l3jc8=KtjAf<SC^J"vack}j:P?,4^}__7GV`(<=z3S4}%Tdz+7FZ__km(?t3Lv_F+E9%]j
64^|#q>-'
debug: Ran body_pattern_hit rule __OBFUSCATING_COMMENT_B ======> got hit: match=
'<!4k7}Y|G~?^|0UT;Zn_W^>b'
Comment 1 Theo Van Dinter 2004-06-04 09:12:52 UTC 
This is very likely 2.6's mime parser getting confused.  3.0 works fine from what I can see:

debug: 
tests=BAYES_10,DOMAIN_RATIO,EXTRA_MPART_TYPE,HTML_90_100,HTML_IMAGE_ONLY_04,HTML_MES
SAGE,HTML_TITLE_EMPTY,MIME_HTML_MOSTLY,MIME_HTML_ONLY,MISSING_SUBJECT,MPART_ALT_DIFF
debug: 
subtests=__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_HTML,__HAS_MSGID,__HTML_LENGTH_384,__HTML_L
ENGTH_512,__MIME_BASE64,__MIME_HTML,__MIME_VERSION,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG
_EXISTS_HEAD,__TAG_EXISTS_HTML