Bug 697 - RATWARE false positive
Summary: RATWARE false positive
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 2.30
Hardware: Other other
: P2 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-08-14 05:50 UTC by Greg Ward
Modified: 2002-08-13 22:07 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Ward 2002-08-14 05:50:56 UTC 
The following headers are extracted from a real-live false positive:

From: mertz@gnosis.cx (David Mertz, Ph.D.)
To: xml-sig@python.org
Subject: Listing Gnosis_Utils with PyXML pages
Date: Wed, 14 Aug 2002 00:01:29 -0400
Organization: Gnosis Software
Reply-To: mertz@gnosis.cx
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Message-ID: <ZYdW9kKkXQ+B092yn@gnosis.cx>                
X-Mailer: Yarn for OS/2 v0.92
X-Moon-Phase: The Moon is a Waxing Crescent. (34.4778% of Full).
X-Copyright: No copyrot! This message is placed into the public domain.
X-Niggle: Indicated fair-use quotations retain their original copyright.
X-Squaresville: Yes

The main reason this message scored as spam is because the string "Crescent" 
appears in the headers (see X-Moon-Phase) -- this triggers the RATWARE rule, 
which is worth 4.6 points.  Ouch!

RATWARE seems awfully broad to me, since it searches the entire header block 
for a large number of substrings.  Perhaps it should be split into two 
rules: one for the X-Mailer header (or whatever the most common one is), and 
one for the rest of the headers.
Comment 1 Justin Mason 2002-08-14 06:07:04 UTC 
don't worry -- this is already fixed in CVS.