
Security

Brief items

Keeping SpamAssassin current

Longtime users of SpamAssassin know that it can do an outstanding job of identifying spam. They also know, however, that the effectiveness of any particular SpamAssassin release tends to decline over time as spammers figure out how to craft messages which get past the rules. The Bayesian filter buried inside SpamAssassin can help a lot; it catches a fair amount of spam which evades the rules, and it evolves over time to keep up with what the spammers are doing - especially if you make a point of training the filter with its mistakes. Even so, frustrating amounts of spam can get through.

The situation is not helped much by the fact that the SpamAssassin rule base seems to have been evolving slowly in recent times. The SpamAssassin developers have too many other things to do, perhaps, or maybe they would rather see the work done by the filter. In any case, some users would certainly like to see the rules updated more frequently.

The maintenance of an up-to-the-second set of SpamAssassin rules could well be a business opportunity for somebody, if the licensing issues could be worked out. But SpamAssassin users should also be aware of the custom rulesets page hosted on the SpamAssassin Wiki. This is a place where additional rules can be found to deal with specific problems; some of them might cut your spam load considerably.

Currently available rulesets include:

  • One aimed at "pill spam." Those of us not looking to fill our prescriptions over the net may welcome this one.

  • "Bigevil" simply contains URLs found in spam; it's a sort of content-based blacklist.

  • There is a set of rules for filtering out virus warnings.

  • "Tripwire" looks for combinations of letters which do not normally appear in English text.

Several others exist as well; there is also a "RulesDuJour" script which can be used to automatically keep up to date with the rulesets as they are maintained. The custom rulesets won't solve the spam problem, but they can help to keep a mailbox a bit cleaner.


New vulnerabilities

libxml2 - arbitrary code execution

Package(s): libxml2    CVE #(s): CAN-2004-0110
Created: February 26, 2004    Updated: August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 libxml 2009-08-15
Fedora FEDORA-2009-8582 libxml 2009-08-15
Fedora-Legacy FLSA:1324 libxml2 2004-07-19
Conectiva CLA-2004:836 libxml2 2004-03-31
Gentoo 200403-01 libxml2 2004-03-06
Trustix TSLSA-2004-0010 libxml2 2004-03-05
OpenPKG OpenPKG-SA-2004.003 libxml 2004-03-05
Netwosix NW-2004-0004 libxml2 2004-03-04
Debian DSA-455-1 libxml 2004-03-03
Mandrake MDKSA-2004:018 libxml2 2004-03-03
Red Hat RHSA-2004:091-02 libxml2 2004-03-03
Whitebox WBSA-2004:090-01 libxml2 2004-03-01
Red Hat RHSA-2004:090-01 Cross 2004-02-26
Fedora FEDORA-2004-087 libxml2 2004-02-25
Red Hat RHSA-2004:091-01 libxml2 2004-02-26


xboing - buffer overflows

Package(s): xboing    CVE #(s): CAN-2004-0149
Created: February 28, 2004    Updated: March 3, 2004
Description: Steve Kemp discovered a number of buffer overflow vulnerabilities in xboing, a game, which could be exploited by a local attacker to gain gid "games".
Alerts:
Debian DSA-451-1 xboing 2004-02-27


Page editor: Jonathan Corbet


Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds