SpamAssassin is a spam filter, written in Perl, that lets a mail server recognise spam messages. It combines a number of well-known methods to stop different kinds of spam. It examines the content of a message and uses a self-learning filter to decide whether the message is spam; in addition, it draws on a number of blacklists and distributed hash databases on the internet. The developers have released versions 3.2.1 and 3.1.9, which fix a possible denial of service and include the following changes:
Version 3.2.1:
3.2.1 is a major bug-fix release, including a potential local DoS. The major highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config" AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at http://spamassassin.apache.org/advisories/cve-2007-2873.txt.
- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and FH_HOST_EQ_D_D_D_D.
- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value used in 3.2.0 was creating problems.
- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is unsafe, causes corruption of the data structure, and results in 'prefork: ordered child N to accept, but they reported state '1', killing rogue' errors. fix.
- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.
- bug 5457: spamc build and test should handle not having zlib available.
- bug 5379: spamd could crash at startup if its preloading temporary directory already exists. fix.
- bug 4616: spamc config can cause command line options to be ignored. fix.
- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire due to defaults (unless there's an explicit SIGNALL policy).
- bug 5492: VBounce rule was looking in header instead of body for whitelisted relays. fix.
- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting each other.
- bug 5432 - Change default in Win32 build to not build spamc.
- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c required version info from pod.
- bug 5436: add omitted "ifplugin" statements to the configuration, which would otherwise cause lint errors if the default plugins were disabled.
- bug 5477: prevent Rule2XSBody info message from appearing on stderr during spamd startup.
Version 3.1.9:
3.1.9 is a major bug-fix release, including a potential local DoS. The major highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config" AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at http://spamassassin.apache.org/advisories/cve-2007-2873.txt.
- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.
- set the score for URI_TRUNCATED to 0.001.
- bug 5337: change the start order for Fedora such that spamd starts before the MTA.
The following two files can be downloaded:
- SpamAssassin 3.2.1
- SpamAssassin 3.1.9
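The combination of switches listed under bug 5480 in both release notes can be checked mechanically against a spamd command line. The following is an added example, not part of the release notes or of SpamAssassin itself; the function names, the sample command lines, getopt-style bundling of short options, and the list of short options that take a value are assumptions.

```python
import shlex

# Switches named in the bug 5480 entry, mapped to one canonical name each.
LONG = {"vpopmail": "v", "virtual-config-dir": "virtual-config-dir",
        "no-user-config": "x", "username": "u", "allow-tell": "l"}
SHORT = set("vxul")
# Assumption: short spamd options that consume a value, so the rest of a
# bundled argument is data, not flags. Check `spamd --help` for your version.
SHORT_WITH_VALUE = set("ipmugrsACH")


def spamd_flags(cmdline):
    """Return the advisory-relevant switches present on a spamd command line."""
    found = set()
    for arg in shlex.split(cmdline)[1:]:
        if arg.startswith("--"):
            name = arg[2:].split("=", 1)[0]
            if name in LONG:
                found.add(LONG[name])
        elif arg.startswith("-"):
            for ch in arg[1:]:          # assumed bundling, e.g. -dxl
                if ch in SHORT:
                    found.add(ch)
                if ch in SHORT_WITH_VALUE:
                    break               # remainder is this option's value
    return found


def affected_by_cve_2007_2873(cmdline, euid):
    """True when every condition listed for bug 5480 holds at once."""
    f = spamd_flags(cmdline)
    virtual_users = "v" in f or "virtual-config-dir" in f
    return (euid == 0 and virtual_users and "x" in f
            and "u" not in f and "l" in f)


if __name__ == "__main__":
    # Constructed command lines, not taken from any real host.
    samples = [
        ("spamd -d -v -x -l", 0),
        ("spamd -dxl --virtual-config-dir=/var/vmail/%d/%l", 0),
        ("spamd -d -v -x -l -u spamd", 0),
        ("spamd -d -c -m5 -H", 0),
    ]
    for cmd, euid in samples:
        print(affected_by_cve_2007_2873(cmd, euid), cmd)
```

The check looks only at the configuration; whether the fix is installed is a separate question answered by the version (3.2.1 or 3.1.9 per the release notes).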