You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/01/11 02:38:54 UTC

[Bug 7879] New: Body Length without Signature

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7879

            Bug ID: 7879
           Summary: Body Length without Signature
           Product: Spamassassin
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: guenther@rudersport.de
  Target Milestone: Undefined

We have seen attempts to hide or disguise spam content by abusing the
traditional plain-text signature marker, placing the actual content after this.
Resulting in an almost completely empty body before a signature marker and a
lot of content after this marker.

Certain limitations for body rules -- notably SA splitting up the body in
chunks before running regex body rules -- render it impossible to implement
this in plain regex-based rules.


We implemented a set of eval() rules (operating on the first text/plain MIME
part) for the stock BodyEval plugin which support the usage of signature length
and body-without-signature length in SA body or meta rules.

For both the body and signature, SA rules to check min and max lengths or
ranges are supported, as well as directly checking the body to signature ratio.


plaintext_body_sig_ratio: eval() rules for the (first text/plain MIME part's)
body and signature lengths and ratio

trunk:
 Sending        lib/Mail/SpamAssassin/Plugin/BodyEval.pm
 Transmitting file data .done
 Committing transaction...
 Committed revision 1885213.

3.4 branch:
 Sending        lib/Mail/SpamAssassin/Plugin/BodyEval.pm
 Transmitting file data .done
 Committing transaction...
 Committed revision 1885214.


Easy backport for the 3.4 branch and completely optional, un-intrusive, not
changing existing code. Thus safe to commit to 3.4 branch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7879] Body Length without Signature

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7879

Karsten Bräckelmann <gu...@rudersport.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Karsten Bräckelmann <gu...@rudersport.de> ---
For documentation, already committed.

Closing RESOLVED FIXED.

-- 
You are receiving this mail because:
You are the assignee for the bug.