7588 – HTML_IMAGE_ONLY_08 triggered by a 43 byte gif.

Bug 7588 - HTML_IMAGE_ONLY_08 triggered by a 43 byte gif.

Summary: HTML_IMAGE_ONLY_08 triggered by a 43 byte gif.

Status:	RESOLVED INVALID

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	3.4 SVN branch
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-06-12 07:28 UTC by Reio Remma
Modified:	2018-06-12 16:21 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
The e-mail in question minus PDF.	message/rfc822			None	Reio Remma
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Reio Remma 2018-06-12 07:28:09 UTC

Created attachment 5574 [details]
The e-mail in question minus PDF.

Greetings!

I was just sent a PDF invoice which hit HTML_IMAGE_ONLY_08. Upon closer inspection it turned out to be a 1x1 px tracking image from Mandrill. 

Should that hit HTML_IMAGE_ONLY_08?

Thanks,
Reio

Comment 1 Kevin A. McGrail 2018-06-12 14:54:34 UTC

It is hitting based on the "images with 400-800 bytes of words" and wouldn't cause a FP.

Yes, it should hit.  Is it causing an issue with the email overall based on the default scores?

Comment 2 Reio Remma 2018-06-12 16:20:44 UTC

My apologies, I now read the quoted rule description again and it finally dawned on me that I had it backwards. The image isn't 400-800 bytes, but actual text content.

Essentially Mandrill should use an actual picture for the tracking. :)

Comment 3 Reio Remma 2018-06-12 16:21:42 UTC

It didn't cause an issue per se, I usually just look closely at mails I know are legit with a score just around 0.