From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030701 Description of problem: It appears that certain types of e-mail virii including windows file executables (specifically, with the content-type of "application/x-msdownload") are getting through the spam assassin content checking unscathed. Version-Release number of selected component (if applicable): spamassassin-2.44-11.8.x How reproducible: Always Steps to Reproduce: 1. Send a sobig virus e-mail (I think this is the type of virus that was sent to me) 2. Watch spam assassin NOT tag it with MICROSOFT_EXECUTABLE, as it should have. Actual Results: The message passed the spam assassin checks as a false negative. The x-spam status reads: X-Spam-Status: No, hits=1.7 required=5.0 tests=MISSING_HEADERS,RESENT_TO,SPAM_PHRASE_00_01 version=2.44 Expected Results: I should have seen it flagged as spam: X-Spam-Status: Yes, hits=11.6 required=5.0 tests=MICROSOFT_EXECUTABLE,MISSING_HEADERS,RESENT_TO, SPAM_PHRASE_00_01 version=2.44 X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Checker-Version: SpamAssassin 2.44 (1.115.2.24-2003-01-30-exp) X-Spam-Prev-Content-Type: multipart/mixed; boundary="----------O7B04P869TLF5U" SPAM: -------------------- Start SpamAssassin results SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (11.60 hits, 5 required) SPAM: RESENT_TO (-0.2 points) Found a Resent-To header SPAM: SPAM_PHRASE_00_01 (0.8 points) BODY: Spam phrases score is 00 to 01 (low) SPAM: MICROSOFT_EXECUTABLE (10.0 points) RAW: Message includes Microsoft executable program SPAM: MISSING_HEADERS (1.0 points) Missing To: header SPAM: SPAM: -------------------- End of SpamAssassin results Additional info: I had to set the /etc/mail/spamassassin/local.cf to score these as 10 points in order for it to get flagged as spam. The point of the bug report is to fix the Eval to catch application/x-msdownload attachments. I have found the perl code that needs fixing. I will be attaching a patch.
Created attachment 93009 [details] patch to detect application/x-msdownload attachments This patch changes /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/EvalTests.pm to detect attachemnts with the content-type of 'application/x-msdownload' This will allow spam assassin to correctly detect the newest type of e-mail virii going around.
Please test if this is still an issue with rawhide's latest spamassassin. If it is still problematic, then you need to talk to the upstream spamassassin.org developers and get them to merge this functionality. They will determine if it is safe to do so in this way or not.