Re: Drink it, forget it ! .... bug in _check_date_diff

[Robert Nicholson]

So if I use the following instead it then fires the rule   # use the date with the smallest absolute difference   # (experimentally, this results in the fewest false positives)   @diffs = sort { abs($a) <=> abs($b) } @diffs;   # pick the first one that isn't 0   foreach my $diff (@diffs)   {      next if $diff == 0;      $self->{date_diff} = $diff;      return;   }   $self->{date_diff} = 0;   #$self->{date_diff} = $diffs[0]; This looks to be something Spammers are deliberately working around as how could you possibly get two received headers with the same date, time to the second? On Sep 10, 2006, at 12:53 PM, Robert Nicholson wrote: i'm guessing what happened here was that it took the first Received header... which is the same as the Date: header. What i'd rather it take though is the header closest to me. so instead of using Received: from [61.15.158.107] (helo=[71353437]) by caching4-true.asianet.co.th with smtp (Exim 4.60 (FreeBSD)) (envelope-from <[EMAIL PROTECTED]>) id WDL-C580H-YQ for [EMAIL PROTECTED]; Sun, 14 Jan 2007 13:07:22 +0700 Received: from klenske.com (52680622055 [01783113]) by mail.klenke.de (Qmailv1) with ESMTP id 6E7WB7CKFT5 for <[EMAIL PROTECTED]>; Sun, 14 Jan 2007 13:07:22 +0700 it should use Received: (qmail 9695 invoked from network); 4 Sep 2006 05:53:13 -0000 It seems the code only considers if the last header is the same it doesn't exclude others as well. I think it could exclude all headers that have a diff of 0 this is where it all goes wrong @diffs = sort { abs($a) <=> abs($b) } @diffs; 2001:     $self->{date_diff} = $diffs[0]; On Sep 10, 2006, at 12:32 PM, Robert Nicholson wrote: It seems to have decided that date_diff is 0 for some reason in check_for_shifted_date On Sep 10, 2006, at 11:42 AM, Robert Nicholson wrote: Why didn't DATE_IN_FUTURE file on this message? Begin forwarded message: From: "Frederick Harris" <[EMAIL PROTECTED]> Date: January 14, 2007 12:07:22 AM CST To: [EMAIL PROTECTED] Subject: Drink it, forget it ! X-Spam-Dcc: : grub.camros.com 1113; Body=1 Fuz1=1 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on grub.camros.com X-Spam-Level: ************ X-Spam-Status: Yes, score=12.5 required=0.6 tests=BAYES_99,HTML_90_100, HTML_IMAGE_ONLY_04,HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_MOSTLY, RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,UNPARSEABLE_RELAY autolearn=no  version=3.1.1 X-Spam-Report: *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay *      lines *  0.1 HTML_90_100 BODY: Message is 90% to 100% HTML *  1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME *  0.0 HTML_MESSAGE BODY: HTML included in message *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% *      [score: 0.9942] *  0.2 HTML_TITLE_EMPTY BODY: HTML title contains no text *  3.6 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words *  2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address *      [124.121.58.8 listed in dnsbl.sorbs.net] *  1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP *      [124.121.58.8 listed in combined.njabl.org] Received: (qmail 9695 invoked from network); 4 Sep 2006 05:53:13 -0000 Received: from ppp-124.121.58.8.revip2.asianet.co.th (HELO caching4-true.asianet.co.th) (124.121.58.8) by 64.34.193.12 with SMTP; 4 Sep 2006 05:53:13 -0000 Received: from [61.15.158.107] (helo=[71353437]) by caching4-true.asianet.co.th with smtp (Exim 4.60 (FreeBSD)) (envelope-from <[EMAIL PROTECTED]>) id WDL-C580H-YQ for [EMAIL PROTECTED]; Sun, 14 Jan 2007 13:07:22 +0700 Received: from klenske.com (52680622055 [01783113]) by mail.klenke.de (Qmailv1) with ESMTP id 6E7WB7CKFT5 for <[EMAIL PROTECTED]>; Sun, 14 Jan 2007 13:07:22 +0700 Return-Path: <[EMAIL PROTECTED]> Envelope-To: [EMAIL PROTECTED] Delivery-Date: Sun, 14 Jan 2007 13:07:22 +0700 X-Mailer: MIME-tools 4.104 (Entity 4.116) X-Priority: 3 Message-Id: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary Content-Length: 493 Lines: 15 ------------6E4IEHB8UW48PDUQIXUK4 Content-Type: text/plain; charset=windows-1253 Content-Transfer-Encoding: 7bit ------------6E4IEHB8UW48PDUQIXUK4 Content-Type: text/html; charset=windows-1253 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML><TITLE></TITLE><IMG width=283 height=410 alt="" hspace=1 vspace=1 src=""cid:FFH007M8.4T77IITD.2MJGL6HN.A0G8IKL4">cid:FFH007M8.4T77IITD.2MJGL6HN.A0G8IKL4_csseditor"></HTML> ------------6E4IEHB8UW48PDUQIXUK4-- [[Removed gif attachment]]