Bug 350 - Content-Type header treated as case-sensitive
Summary: Content-Type header treated as case-sensitive
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Libraries (show other bugs)
Version: 2.20
Hardware: All other
: P2 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-05-24 13:47 UTC by vince.delvecchio
Modified: 2002-06-09 18:54 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description vince.delvecchio 2002-05-24 13:47:08 UTC 
I had a false hit of the "CBYI" rule in a base64 section of a message.
SpamAssassin failed to detect that the section was binary because it said:

Content-Type: MULTIPART/MIXED; BOUNDARY="-559023410-851401618-985897488=:11156"
...
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Type: APPLICATION/octet-stream; name="chpost2001.prn"
Content-Transfer-Encoding: BASE64

(note the caps)

According to RFC 1521, this is perfectly legal;
most of these things are case-insensitive.  See
 http://www.freesoft.org/CIE/RFC/1521/4.htm

I note that, even if you change this, I might have the same problem
if someone sent an attachment uuencoded, so:

Other changes that would be good:
  - Ignore uuencoded sections of messages (or expand them before scanning).
  - Change the pattern to /\bCBYI\b/ which still catches nearly all
    (perhaps all) of the CBYI spam I have gotten, but makes it much
    less likely to match a binary.
  - Might also be good to change /HUNZA/ to /\bHUNZA\b/, even though
    five characters is less likely to match than four.
Comment 1 vince.delvecchio 2002-05-24 14:45:21 UTC 
The patch to bug #254 partially fixes this.  However, there are many other 
places where the Content-Type or Content-Transfer-Encoding is tested against 
with a case-sensitive match.  I think these should all be case-insensitive.
Comment 2 Craig Hughes 2002-06-10 02:54:50 UTC 
Ok, I think I fixed all of the checks for Content-Type and Content-Transfer-Encoding to be case-
insensitive now.