https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6979

            Bug ID: 6979
           Summary: BODY_URI_ONLY false positive on S/MIME messages
           Product: Spamassassin
           Version: 3.3.2
          Hardware: Macintosh
                OS: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 5175
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5175&action=edit
Actual received S/MIME email message displaying the BODY_URI_ONLY false
positive problem

The BODY_URI_ONLY rule (svn commit: r1496674) appears to fail to take into
account S/MIME secure email messages.

I am an end-user of the services of Fastmail.fm, which uses SpamAssassin and is
currently running version 3.3.2. I am seeing consistent BODY_URI_ONLY 1 scores
on my S/MIME correspondence (all ham, between myself and known, routine
correspondents).

Suggestion: change the BODY_URI_ONLY rule to take into account S/MIME email
messages. I'm not sure why it sees a long base64 encoding as a URI, but then
I'm not a programmer and perhaps this is legitimate.

One possible addition to the rule would be to look for:

Content-Disposition: attachment; filename=smime.p7m

or some fraction of this line with wildcards (and possibly other variants for
PGP etc.?) to help the rule better distinguish ham from spam.

Steps to reproduce:
1) Send an S/MIME email to a recipient on a system running SpamAssassin using
the BODY_URI_ONLY rule. I don't believe the MUA matters, but in the cases I
have seen the sending MUA has been Apple Mail 2.1.3 for OS X Tiger 10.4.11 or
Apple Mail 4.6 for Snow Leopard 10.6.8. The message should be both signed and
encrypted.

Expected result: looking at the SA X-Spam-hits will show no triggering of the
BODY_URI_ONLY rule.

Actual result: BODY_URI_ONLY rule is triggered, falsely.

Trouble reproducing?: if you are testing this bug not long after its
submission, you should be able to use the live, public Fastmail.fm system (I am
a customer of theirs and that is where I see it. I am *not* running my own
server/SA).

More sample emails available upon request.

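The check suggested in the report, sketched as an added example that is not part of the original report and is not SpamAssassin code: it recognises S/MIME structure from the MIME headers so that an opaque base64 CMS body can be told apart from ordinary body text before content rules are scored. It goes beyond the single `filename=smime.p7m` line by also matching the S/MIME media types and the detached-signature form; the function name `smime_kind`, the helper `_msg` and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from typing import Optional

# S/MIME media types, including the legacy "x-" spellings.
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
# Conventional S/MIME attachment names (smime.p7m is the one in the report).
OPAQUE_NAME = re.compile(r"^smime\.p7[mz]$", re.IGNORECASE)


def smime_kind(raw: str) -> Optional[str]:
    """Classify a raw message: 'opaque' (the body is one base64 CMS blob, as
    with encrypted mail), 'detached' (readable body plus a signature part),
    or None when no S/MIME structure is found."""
    msg = message_from_string(raw)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            protocol = str(part.get_param("protocol") or "").lower()
            if protocol in SIG_TYPES:
                return "detached"
        # get_filename() reads Content-Disposition "filename", then falls
        # back to the Content-Type "name" parameter.
        if ctype in OPAQUE_TYPES or OPAQUE_NAME.match(part.get_filename() or ""):
            return "opaque"
    return None


def _msg(headers: str, body: str) -> str:
    return "From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n" + headers + "\n\n" + body


# Constructed samples; the base64 bodies are placeholders, not real CMS data.
ENCRYPTED = _msg(
    "Content-Type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment; filename=smime.p7m", "MIIBplaceholder=\n")
RETYPED = _msg(  # constructed case: generic media type, only the filename matches
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="SMIME.P7M"', "MIIBplaceholder=\n")
SIGNED = _msg(
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"',
    "--b1\nContent-Type: text/plain\n\nhello\n--b1\n"
    "Content-Type: application/pkcs7-signature; name=smime.p7s\n\nMIIB\n--b1--\n")
PLAIN = _msg("Content-Type: text/plain", "http://example.com/\n")

if __name__ == "__main__":
    for name in ("ENCRYPTED", "RETYPED", "SIGNED", "PLAIN"):
        print(name, smime_kind(globals()[name]))
```

Only the 'opaque' result describes a message whose entire body is an encoded blob; a 'detached' message still has readable text that content rules can score normally.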