Error with EMTPY_MESSAGE

Hugo van der Kooij hvdkooij at vanderkooij.org
Sat Sep 13 09:22:25 IST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hugo van der Kooij wrote:
> Hi,
> 
> It seems to me that SA is flagging just about any message as EMPTY_MESSAGE.

Lets look at the lines:

# __MIME_ATTACHMENT also used in 20_meta_tests.cf
body __MIME_ATTACHMENT          eval:check_for_mime('mime_attachment')

# __MIME_ATTACHMENT defined in 20_html_tests.cf
body __NONEMPTY_BODY    /\S/
meta EMPTY_MESSAGE      !__MIME_ATTACHMENT && !__NONEMPTY_BODY
describe EMPTY_MESSAGE  Message appears to have no textual parts and no
Subject: text

The description is incorrect in my view. The subject is not even tested.
 I can not see that much else wrong. But it seems SA is still raising
the flag.

A sample message taken from quarantine that is marked as EMPTY_MESSAGE:


Received: from linuxbox.org (linuxbox.org [24.155.83.21])
        by balin.waakhond.net (Postfix) with ESMTP id B5FE217E9086
        for <hvdkooij at vanderkooij.org>; Sat, 13 Sep 2008 09:34:45 +0200
(CEST)
Received: from linuxbox.org (ge at localhost.localdomain [127.0.0.1])
        by linuxbox.org (8.13.8/8.13.8/Debian-3) with ESMTP id
m8D7Ye6a020101
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
        for <hvdkooij at vanderkooij.org>; Sat, 13 Sep 2008 02:34:41 -0500
Received: from localhost (ge at localhost)
        by linuxbox.org (8.13.8/8.13.8/Submit) with ESMTP id m8D7YeFc020098
        for <hvdkooij at vanderkooij.org>; Sat, 13 Sep 2008 02:34:40 -0500
Date: Sat, 13 Sep 2008 02:34:40 -0500 (CDT)
From: Gadi Evron <ge at linuxbox.org>
To: Hugo van der Kooij <hvdkooij at vanderkooij.org>
Subject: Re: community real-time BGP hijack notification service
In-Reply-To: <48CB64A5.3030109 at vanderkooij.org>
Message-ID: <Pine.LNX.4.62.0809130234310.27350 at linuxbox.org>
References: <Pine.LNX.4.62.0809120700060.22273 at linuxbox.org>
 <48CB64A5.3030109 at vanderkooij.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.7.5
(linuxbox.org [127.0.0.1]); Sat, 13 Sep 2008 02:34:41 -0500 (CDT)

Thanks for the note!
Will be fixed shortly.


On Sat, 13 Sep 2008, Hugo van der Kooij wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
....<message remainde left out>

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIy3g/BvzDRVjxmYERAjV6AJ9RMkLrv7MK9BJIT6MshMhDpsTwUwCeKQHj
NUpXrtzTUEe/XPx7m8jtT30=
=IA1Q
-----END PGP SIGNATURE-----

More information about the MailScanner mailing list