--- Comment #7 from John Woods <> ---
Good eye!

The boundary is: --6479071-26388092-1648650284=:2907

The lines that throw the parser off have: --6479071-26388092-1648650284=:2907--

I'm not sure whether the e-mail in question conforms to RFC or not. But, bad
actors could use this technique to sneak attachments past SpamAssassin.

It looks like it is probably in lib/Mail/SpamAssassin/, around line
848. One of the test conditions is:

$body->[$line] =~ /^--\Q$boundary\E\s*$/

It's the trailing \s*$ that cause this to fail to detect the boundary. Are
these parts of the regexp necessary for some other reason?

You are receiving this mail because:
You are the assignee for the bug.

Reply via email to