On Thu, Dec 30, 2004 at 08:36:00AM -0500, Josh Endries wrote:
> body and rawbody. This is with SA 2.63 and Perl 5.005_03, which I > can't upgrade :(.
You do not have to upgrade perl, you can have a 2nd install instead.
And if Josh chooses to not upgrade perl, he should at least upgrade SA to 2.64 ASAP...
2.50-2.63 all have a malformed message DoS vulnerability.
And no, this isn't new news, it was in 2.64's release announcement back in august
http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2
Not to mention being reported in dozens of security databases, including CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796
