Justin Mason wrote:
another way where SpamAssassin rules could be used to execute arbitrary code...
I'll buy lunch for whoever can control exactly what arbitrary code is executed using only SA rules. :)
[...] In which case, you were already open to denial of service attacks from patterns that bust the C stack (fixed by Dave for 5.10)
That sounds good for us. Daryl
