[Spambayes] small vulnerability patch
Todd Mokros
niltsiar@neo.rr.com
Sat Nov 16 06:11:24 2002
here's a small patch to fix a small header vulnerability. If a piece of
spam spoofs the header added by hammie, then procmail recipes could
match on the spoofed header. This deletes the hammie header before
filtering.
--- ../../cvs-tracking/spambayes/hammie.py 2002-11-14
17:00:15.000000000 -0500
+++ hammie.py 2002-11-16 00:44:50.000000000 -0500
@@ -272,6 +272,8 @@
"""
msg = mboxutils.get_message(msg)
+ if msg.has_key(header):
+ del msg[header]
prob, clues = self._scoremsg(msg, True)
if prob < ham_cutoff:
disp = options.header_ham_string
--
Todd Mokros <niltsiar@neo.rr.com>
More information about the Spambayes
mailing list