2010 Mails Trigger SpamAssassin

01/04/2010

The Apache Project has warned of a bug in versions 3.2.0 to 3.2.5 of SpamAssassin that triggers an excessive number of spam alerts by mails from 2010. Debian Lenny is also infected.

The bug was discovered by Mike Cardwell. On his blog, he reports that older versions of SpamAssassin contain a rule called FH_DATE_PAST_20XX, which falsely identifies mails from 2010 as coming from the future and declares them as spam.

Because the version 3.2.5 is used by the Debian Project Lenny, Debian developers have issued an update 3.2.5-2+lenny1.1~volitile1 which should fix the bug. Unstable users should, according to this blog post, upgrade to version 3.2.5-7.

Most mainstream distributions are also under threat. Details of the problem can be found on the SpamAssassin homepage.

( Marcel Hilzinger)

Related content