Bart Schaefer <[EMAIL PROTECTED]> writes: > The attached spam just barely sneaks under SA 2.42's radar because of a > fake PGP signature line in an HTML comment.
I already improved this rule back on August 23rd, but someone made a broken CVS commit that reverted the improvement (and maybe more, but I didn't see anything obvious). I'm starting to wonder if perhaps we should have some sort of peer review for back-port and forward-port activity since "directional" mistakes seem to happen often enough to be a problem. The reverted rule would have been enough to avoid this particular false match, but if spammers are trying to falsify PGP signatures, I think we need to be more paranoid so I just checked in an even more resistant rule into CVS HEAD. > I haven't tested it against 2.43 yet (Matt, CPAN?) so maybe this is a > false alarm, but it appears to be a deliberate SA-spoiler. I'm sure 2.43 has the same problem. We can (carefully) backport compensation improvements if we do a 2.44. By the way, if you're only 0.01 versions off of the last stable release, I think it's okay (even good) to submit a bug report for this sort of thing ... as long as you attach an example, of course. ;-) Dan ------------------------------------------------------- This sf.net email is sponsored by: Access Your PC Securely with GoToMyPC. Try Free Now https://www.gotomypc.com/s/OSND/DD _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
