On 05/03/2012 10:02 AM, Mike Grau wrote: > The meta rule in 72_active.cf "KB_FAKED_THE_BAT" is getting > circumvented here because the meta rule component > > header __KB_DATE_CONTAINS_TAB Date:raw =~ /^\t > > is being evaded by spam that now has a space character before the tab: > > # grep Date: HEADERS | od -a > 0000000 D a t e : sp ht T h u , sp 3 sp M a > 0000020 y sp 2 0 1 2 sp 1 6 : 5 3 : 5 9 sp > 0000040 + 0 7 0 0 nl > 0000046vi H* > > This has been Russian language spam (charset koi8-r) with various > flavors of X-Mailer: The Bat!
What version of SpamAssassin are you running? Here's a note from that rule's definition (rulesrc/sandbox/kb/20_header.cf): # NOTE Depends on some header rule code fixes for 3.3.x to remove # the leading space that was showing up in header rules. For # 3.2.x releases the pattern must be changed to /^ \t/. Karsten: Maybe change it to /^ ?\t/ as a workaround? (Yes, I know we've stopped supporting sa3.2.x)
signature.asc
Description: OpenPGP digital signature
