Re: [Full-Disclosure] SpamAssasin - path disclosure

Valdis.Kletnieks_at_vt.edu
Date: 08/25/03

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY! !" 
    To: morning_wood <se_cur_ity@hotmail.com>
Date: Sun, 24 Aug 2003 20:48:40 -0400

    On Sun, 24 Aug 2003 15:07:25 PDT, morning_wood <se_cur_ity@hotmail.com> said:

    > RE: [Full-Disclosure] SpamAssasin - path disclosureodd that it says =
    > "X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp) "
    > excuse my fauxpa, but when the line says "SpamAssasin" i assume it is =
    > SpamAssasin
    > unless of course another product is also SpamAssasin. I use neither =

    > so logical deduction says "X-Spam-Checker-Version: SpamAssassin"

    Actually, it was qmail that did it, or maybe Outlook Express - those are both
    mentioned in the headers as well. You're making the rash guess that just
    because SpamAssassin inserted a bunch of headers, it was the guilty party.

    It's not at all unusual for one piece of mail to get hit with *MULTIPLE* pieces
    of software between when it's sent and when it ends up in a mailbox - at my
    site, an *incomplete* list includes Sendmail, SpamAssassin, Trend, Sun
    iPlanet. Some of these add headers, others don't.

    So let's apply a bit more logic here - SpamAssassin is *DAMNED* chatty, but it
    doesn't make even a *hint* that it's spotted a virus. It picks up on the
    presence of a spam tool in the MIME boundary, but fails to note the fact it's
    one of the most annoying worms around lately. Of course, that's not surprising,
    based on the version of SpamAssassin:

    X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)

    Hmm... I'd be damned surprised if a SpamAssassin from the end of March would
    have had a virus signature for a worm that showed up almost 4 1/2 months later.

    More reasonable guess - SpamAssassin decided it smelled spammy, and some
    OTHER tool called 'iscan' semi-silently quarantined the file....

    Maybe you didn't see mention of SpamAssassin on any of those URLs because
    SpamAssassin had nothing to do with it. On the other hand, I suppose you
    could argue it was all an Illuminati plot, in conjunction with the space
    aliens, because neither of THEM were mentioned on the Trend pages either....

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY! !"

    Relevant Pages

    • Re: [SLE] help with filters in kmail for S P @ M
      ... >I have kmail setup with both bogofilter and spamassassin. ... >I took out the "X" from the headers so it hopefully won't setoff ... you don't go into any detail as to how you have spamassassin ... Please note - Due to the intense volume of spam, ...
      (SuSE)
    • Re: [SLE] Spamassassin learning
      ... Spamassassin is evidently not running. ... > Issue these command as root ... then issue these two commands ... Nope no headers with X-Spam in them. ...
      (SuSE)
    • Re: [SLE] spam status
      ... Amavis-new does both virus scanning and spam ... SpamAssassin removes the spam ... Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com ...
      (SuSE)
    • Re: spam detection software
      ... Do you find references to SpamAssassin in the headers of all of your incoming messages? ... Mopsy wrote: ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • RE: anyone user exim and spamassasin?
      ... anyone user exim and spamassasin? ... set of headers containing the spamassassin info. ... To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". ...
      (Debian-User)
    • Quantcast