[Spambayes] small vulnerability patch
Neale Pickett
neale@woozle.org
Mon Nov 18 02:51:06 2002
So then, Todd Mokros <niltsiar@neo.rr.com> is all like:
> here's a small patch to fix a small header vulnerability. If a piece of
> spam spoofs the header added by hammie, then procmail recipes could
> match on the spoofed header. This deletes the hammie header before
> filtering.
Good catch, Todd! I'll check this into CVS as soon as it comes back up
and I'm in front of a computer :)
Thanks
Neale
>
>
> --- ../../cvs-tracking/spambayes/hammie.py 2002-11-14
> 17:00:15.000000000 -0500
> +++ hammie.py 2002-11-16 00:44:50.000000000 -0500
> @@ -272,6 +272,8 @@
> """
>
> msg = mboxutils.get_message(msg)
> + if msg.has_key(header):
> + del msg[header]
> prob, clues = self._scoremsg(msg, True)
> if prob < ham_cutoff:
> disp = options.header_ham_string
>
>
> --
> Todd Mokros <niltsiar@neo.rr.com>
>
> _______________________________________________
> Spambayes mailing list
> Spambayes@python.org
> http://mail.python.org/mailman/listinfo/spambayes
More information about the Spambayes
mailing list