Y2K10 Spamassassin Rule Bug - Update Your Rules Now!

mikeshinn · **Posted:** Sat Jan 02, 2010 6:55 pm

Post from the Spamassasin project:

Quote:

Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later. The rule will add a score of up to 3.6 towards the spam classification of all email. You should take corrective action immediately; there are two easy ways to correct the problem:

* If your system is configured to use sa-update run sa-update now. An update is available that will correct the rule. No further action is necessary (other than restarting spamd or any service that uses SpamAssassin directly).

* Add "score FH_DATE_PAST_20XX 0" without the quotes to the end of your local.cf file to disable the rule.

If you require help updating your rules to correct this issue you are encouraged to ask for assistance on the Apache SpamAssassin Users' list. Users' mailing list info is here.

On behalf of the Apache SpamAssassin project I apologize for this error and the grief it may have caused you.

Regards,

Daryl C. W. O'Shea

VP, Apache SpamAssassin

If you are not using our spamassasin RPMS, which update your rules automatically, you will need to configure your system to do this automatically by following the instructions on our wiki here:

http://www.atomicorp.com/wiki/index.php ... signatures

BerArt · **Posted:** Sun Jan 03, 2010 6:12 am

Is this also true for the Art package? (ASL) and how can I run the Spamassassin update, or does ASL do this automaticly?

breun · **Posted:** Sun Jan 03, 2010 6:51 am

There is no need to setup updating SpamAssassin manually as the package already includes a cronjob that runs sa-update daily (see /etc/cron.d/sa-update which calls /usr/share/spamassassin/sa-update.cron, which calls /usr/bin/sa-update and restarts the service when necessary).

According to the website SARE is no longer active, so setting up a custom cronjob to also get updates from saupdates.openprotect.com is no longer useful:

Quote:

IMPORTANT: Due to Ninjas being busy with lives, wives & hockey matches, SARE rules aren't being updated.

There is no need to run automated update tools as all they will produce is useless load on everybody's servers.

I've already e-mailed the people at OpenProtect about this and they said they'd add a notice to their page at http://saupdates.openprotect.com/, but apparently that hasn't happened yet. They said they'd keep the service running to not break anything, although they said that indeed you won't be getting any updates from that channel anymore.

Anyway, we ran sa-update on January 1 when the update was released and all was fine.

mikeshinn · **Posted:** Sun Jan 03, 2010 2:49 pm

Our RPM package already does this automatically, but not everyone uses our package and may not have the updates setup automatically.

premierhosting · **Joined:** Wed Aug 04, 2010 2:52 pm **Posts:** 256

I just looked in my /etc/cron.d/sa-update and the actual line to run the cron is commented out. Worth taking a peek, I just installed fresh Centos 5 and fresh ASL.

breun · **Posted:** Thu Aug 05, 2010 5:16 pm

Did you install the SpamAssassin package from the Atomic channel? That one definitely has the cronjob enabled by default.

premierhosting · **Joined:** Wed Aug 04, 2010 2:52 pm **Posts:** 256

I believe you, but I installed a fresh Centos 5 + Plesk 64 bit, then *immediately* installed ASL. And it was commented out.

breun · **Posted:** Fri Aug 06, 2010 2:28 am

What's the package you have installed?

Code:

rpm -q spamassassin

And is /etc/cron.d/sa-update really unmodified?

Code:

rpm -V spamassassin

premierhosting · **Joined:** Wed Aug 04, 2010 2:52 pm **Posts:** 256

Code:

[root@cloud1 usr]# rpm -q spamassassin
spamassassin-3.2.5-1.el5.art

[root@cloud1 usr]# rpm -V spamassassin
.......T  c /etc/cron.d/sa-update
S.5....T  c /etc/mail/spamassassin/local.cf

Of course, I did edit sa-update myself, because this line:

Code:

10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

said this:

Code:

#10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

breun · **Posted:** Fri Aug 06, 2010 3:47 am

According to the output of rpm -V spamassassin only the modification time (T) of /etc/cron.d/sa-update differs from the original file from the package. The contents are the same, otherwise you'd see a '5' (MD5 sum differs) in the character string (and an 'S' because the file size would be different).

Y2K10 Spamassassin Rule Bug - Update Your Rules Now!

Who is online