[afnog] Fwd: [vexim] Bug In Spam Assassin Rules Sets

[Randy Bush]

thanks to smb for passing along detailed destructions

randy

From: Klaus Heinz <heinz at NetBSD.org>
Date: January 1, 2010 10:57:45 PM EST
To: pkgsrc-users at NetBSD.org
Subject: HEADS-UP: urgent rule update for package mail/spamassassin 

Hi,

users of the pkgsrc package mail/spamassassin version 3.2.0 to 3.2.5
should update the rules as soon as possible.

Since the start of the new year the rule FH_DATE_PAST_20XX gets triggered
for every single message due to a bad regular expression. This adds
about 3.5 points to the score of every message, with 5 points being the
default value to classify a message as spam.

There are several ways you can update your rules:

1) Run sa-update and get all the latest rules, including the updated
  rule FH_DATE_PAST_20XX.
  You can see the version your are retrieving by running sa-update with
  the debug option "-D". Make sure you retrieve at least update 895075.

2) Update the package mail/spamassassin to the latest version 3.2.5nb4.
  This version contains the new rule as a patch.

3) Change the regular expression in file 72_active.cf with the the text
  editor of your choice from

    header   FH_DATE_PAST_20XX    Date =~ /20[1-9][0-9]/ [if-unset: 2006]^M

  to

    header   FH_DATE_PAST_20XX    Date =~ /20[2-9][0-9]/ [if-unset: 2006]^M

  The affected file 72_active.cf can be found either in
  /usr/pkg/share/spamassassin/ if you never used sa-update before or in
  /var/spamassassin/3.002005/updates_spamassassin_org/ where rules are
  stored by sa-update.

Don't forget to restart SpamAssassin to enable the updated rules.

Regards,
    Klaus Heinz