[Gllug] Forwarded Spam message which SA missed [Fwd: Hey bro,

Chris Bell chrisbell at overview.demon.co.uk
Mon Jan 16 11:32:00 UTC 2006


On Sun 15 Jan, Nix wrote:
> 
> On Sat, 14 Jan 2006, John Winters moaned:
> > 
> > From: "Alberto Simmons" <cecilia.fabbri at baachfamily.com>
> > Subject: Hey bro, found this site
> > To: <john at sinodun.org.uk>
> > Date: Fri Jan 13 15:15:33 2006 -0000
> > Envelope-to: john at sinodun.org.uk
> > Delivery-date: Fri, 13 Jan 2006 15:16:08 +0000
> > Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6187E.9E743680"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> > X-Spam-Level: ***
> 
> > X-Spam-Status: No, score=3.8 required=5.0 tests=BAYES_99,HTML_20_30,
> > HTML_MESSAGE, MIME_QP_LONG_LINE, SEE_FOR_YOURSELF autolearn=no
> > version=3.0.3
> 
> Well, first this mail has *no* Received headers. Is this a pristine
> message, or not?
> 
> I can't see anything really wrong there, except that the really low
> BAYES_99 score continues to torpedo you. This is fixed in 3.2-to-be,
> but for now try this:
> 
> score BAYES_95 0 0 3.514 3.705
> score BAYES_99 0 0 4.070 3.914
> 
> If that's still not good enough, you can feed a failing message through
> `spamassassin -D' and I'll have a look at that.
> 

   Could the following be relevant?


> Date: Fri, 13 Jan 2006 09:40:44 +0100 (CET)
> From: Martin Schulze <joey at infodrom.org>
> Reply-To: debian-security at lists.debian.org
> Subject: [SECURITY] [DSA 939-1] New fetchmail packages fix denial of service
> To: Debian Security Announcements <debian-security-announce at lists.debian.org>
> Resent-From: debian-security-announce at lists.debian.org
> Resent-Sender: debian-security-announce-request at lists.debian.org
> Resent-Date: Fri, 13 Jan 2006 02:47:14 -0600 (CST)
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 939-1                     security at debian.org
> http://www.debian.org/security/                             Martin Schulze
> January 13th, 2006                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : fetchmail
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2005-4348
> 
> Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3,
> APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
> program is running in multidrop mode and receives messages without
> headers.
> 
> The old stable distribution (woody) does not seem to be affected by
> this problem.
> 
> For the stable distribution (sarge) this problem has been fixed in
> version 6.2.5-12sarge4.
> 
> For the unstable distribution (sid) this problem has been fixed in
> version 6.3.1-1.
> 
> We recommend that you upgrade your fetchmail package.
> 
> 

   This was followed by a list of recommendations about methods.

-- 
Chris Bell
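
A way to triage messages like the one quoted above, as an added example that is not part of the original post: it parses the X-Spam-Status header SpamAssassin wrote and flags the two things Nix points out, the absence of Received headers and a BAYES_99 hit that still scored under the threshold. The sample message is constructed from the quoted headers with placeholder addresses, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the thread, with placeholder addresses.
SAMPLE = """\
From: "Alberto Simmons" <sender@example.invalid>
Subject: Hey bro, found this site
To: <rcpt@example.invalid>
X-Spam-Level: ***
X-Spam-Status: No, score=3.8 required=5.0 tests=BAYES_99,HTML_20_30,
\tHTML_MESSAGE,MIME_QP_LONG_LINE,SEE_FOR_YOURSELF autolearn=no
\tversion=3.0.3

(body omitted)
"""

STATUS_RE = re.compile(
    r"^(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?: autolearn=|$)")

def parse_spam_status(value):
    """Return verdict, score, threshold and rule names, or None if unparseable."""
    value = " ".join(value.split())  # unfold continuation lines
    m = STATUS_RE.match(value)
    if not m:
        return None
    score, required = float(m.group(2)), float(m.group(3))
    tests = [t.strip() for t in m.group(4).split(",") if t.strip()]
    return {"spam": m.group(1) == "Yes", "score": score, "required": required,
            "margin": round(required - score, 3), "tests": tests}

def triage(raw_message):
    """Flag the two conditions discussed in the thread (hypothetical helper)."""
    msg = message_from_string(raw_message)
    status = parse_spam_status(msg.get("X-Spam-Status", ""))
    findings = []
    if not msg.get_all("Received"):
        findings.append("no Received headers: this copy may not be pristine")
    if status and not status["spam"] and "BAYES_99" in status["tests"]:
        findings.append("BAYES_99 fired but message is %.1f below threshold"
                        % status["margin"])
    return status, findings

if __name__ == "__main__":
    status, findings = triage(SAMPLE)
    print(status)
    for f in findings:
        print("-", f)
```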
