Ed Weinberg said: > I am surprised that SA does not recognize spam sent by FormMail.pl. > Back around 1987 a 15 year old kid named Matt Wright wrote a FormMail > script. The original insecure version is still in use on a million > sites (no exageration). Spammers figured out how to send email through > it. Each stock script starts the email with the following format > (including the dashed line).:
Ed, dunno what version of SpamAssassin you're looking at ;) It does recognise it, based on the "below is the result" string -- the BUGGY_CGI test. For some reason though, the scores are not generally high enough to trigger on their own -- probably not enough spam in the corpora using it. I didn't realise Matt W was 15 when he wrote it... :( --j. ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
