Max SpamAssassin Size problems -- round 2

Julian Field mailscanner at ecs.soton.ac.uk
Mon Aug 28 17:23:48 IST 2006



Kash, Howard (Civ, ARL/CISD) wrote:
>> Why not just set the Max SpamAssassin Size to 50k
>  
> You'll still truncate images.  I currently have it at 150k and it still truncates images (either large ones or messages with lots of attached images).
>  
>> or the partial-image-detection rules to 0?
>  
> This is an option, but you give up some SPAM detection capability.  The plugin doesn't specifically test for partial images, but corrupt images in general, which truncated images are a subset of.  Some image spammers have intentionally corrupted the image in such a way that many email clients will still render them readable, but image analysis utilities balk on them.  So messages with corrupt images are given a higher score.
>  
> And this isn't just about images, supposedly someone is working on a plugin to analyze Word documents for spam content.   It may have the same problem with truncated Word attachments.

All fair points. Which brings us back to the beginning.
The option which got the biggest number of votes was along the lines of 
this:

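for ($lines=$size=0; $lines<100 && $size<20_000; $lines++)
{
   # getnextline() stands for whatever reads the next line of the message
   $line = getnextline();
   last unless defined $line;   # end of message
   $size += length($line);
   last if $size>20_000;        # a single huge line would exceed the 20k limit
   push @SAinput, $line;
   last if $line =~ /^\s*$/;    # stop at a blank or whitespace-only line
}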

It should keep copying lines until we hit a line that is only whitespace 
(or blank) or until we have copied 20k of extra data, whichever comes 
first. And it won't be confused by nearly 20k of extra data followed by 
1 huge line lasting for mbytes.

Is that a reasonable compromise?

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at MailScanner.biz

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
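
The compromise proposed in the message above, as a self-contained Perl sketch (an added example, not MailScanner's own code). The name `sa_input`, its parameters and the line-based first phase are assumptions; both sample messages are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: build the text handed to SpamAssassin from a message.
# $max plays the role of "Max SpamAssassin Size"; the 20k / 100-line limits
# for the extension phase are the ones from the post.
sub sa_input {
    my ($fh, $max, $extra_max, $line_max) = @_;
    $extra_max //= 20_000;
    $line_max  //= 100;
    my @out;
    my $size = 0;

    # Phase 1 (assumed line-based): copy lines until the size limit is reached.
    while ($size < $max) {
        my $line = <$fh>;
        return join('', @out) unless defined $line;   # shorter than the limit
        push @out, $line;
        $size += length $line;
    }

    # Phase 2: continue to the next blank line, bounded by lines and bytes.
    my $extra = 0;
    for (my $n = 0; $n < $line_max; $n++) {
        my $line = <$fh>;
        last unless defined $line;       # end of message
        $extra += length $line;
        last if $extra > $extra_max;     # one huge line cannot blow the limit
        push @out, $line;
        last if $line =~ /^\s*$/;        # blank line: stop here
    }
    return join('', @out);
}

# Constructed sample 1: a base64 block that straddles a 1000-byte limit.
my $b64 = ('QUJD' x 19) . "\n";
my $msg = "Some text part\n\n" . ($b64 x 30) . "\n--boundary--\n";
open my $fh, '<', \$msg or die "open: $!";
my $got = sa_input($fh, 1_000);
printf "limit 1000, passed %d bytes, ends on blank line: %s\n",
    length $got, ($got =~ /\n\n\z/ ? 'yes' : 'no');

# Constructed sample 2: the limit is followed by a single multi-megabyte line.
my $huge = "Some text part\n" . ('A' x 5_000_000) . "\n";
open my $fh2, '<', \$huge or die "open: $!";
printf "huge line case, passed %d bytes\n", length sa_input($fh2, 10);
```

The first sample shows the base64 block being passed whole up to its terminating blank line instead of being cut mid-block; the second shows the byte cap discarding the oversized line.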


