http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041





------- Additional Comments From [EMAIL PROTECTED]  2006-08-11 01:27 -------
(In reply to comment #16)
> I just noticed: The debug logs in the previous comments don't say which rules
> are taking time. Only rules that hit are printed. Isn't there a script for
> profiling all rules?

You enable profiling in perl (perl -d:DProf ...) and then run dprofpp (see the
man page) and you can see the list.  When I ran it, it looks like the main rules
are, unsurprisingly, the FUZZY_* list.

> So where is that UUE detecting code and how proof is it against spoofing?

OMG, he wants to go back to the 2.x code, nooooooo!

In a quick look around, the code in question was in PerMsgStatus which is
horribly trivial to bypass (this snippet in the loop generating the body text):

    foreach my $line (@{$textary}) {
      if ($uu_region == 0 && $line =~ /^begin [0-7]{3} .*/) {
        $uu_region = 1;
        next;
      }
      if ($uu_region) {
        if ($line =~ /^[\x21-\x60]{1,61}$/) {
          # here is where we could uudecode text if we had a use for it
          # $decoded = unpack("%u", $line);
          next;
        }
        elsif ($line =~ /^end$/) {
          $uu_region = 0;
          next;
        }
        # any malformed lines get passed through
      }
      $_ .= $line;
    }
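
As an added illustration of the weakness described above (not part of the original comment and not SpamAssassin code): the quoted loop treats any space-free line of up to 61 characters as uuencoded data, whereas in real uuencode the first character of a line encodes its byte count and therefore fixes the line's length. The names `is_uu_line` and `body_text` and the sample input are assumptions made for this example; it also assumes encoders that do not strip trailing padding.

```perl
#!/usr/bin/perl
# Added example, not SpamAssassin code; all names here are hypothetical.
use strict;
use warnings;

# A uuencoded data line is a length character followed by 4 characters for
# every 3 bytes: n = (ord(first char) - 32) & 63, with n <= 45.
sub is_uu_line {
  my ($line) = @_;
  return 0 unless $line =~ /^[\x20-\x60]{1,61}$/;
  my $n = (ord(substr($line, 0, 1)) - 32) & 63;
  return 0 if $n > 45;
  return (length($line) - 1 == 4 * int(($n + 2) / 3)) ? 1 : 0;
}

# Build body text, dropping a region only if every line in it is consistent
# uuencode and it is closed by "end". Otherwise the held lines are returned
# to the body so body rules still see them.
sub body_text {
  my ($textary) = @_;
  my ($body, $in_uu, @held) = ('', 0);
  foreach my $line (@{$textary}) {
    (my $bare = $line) =~ s/\r?\n\z//;
    if (!$in_uu && $bare =~ /^begin [0-7]{3} ./) {
      ($in_uu, @held) = (1, $line);
      next;
    }
    if ($in_uu) {
      if ($bare eq 'end') { ($in_uu, @held) = (0); next; }
      if (is_uu_line($bare)) { push @held, $line; next; }
      $body .= join('', @held);        # not real uuencode: give it back
      ($in_uu, @held) = (0);
    }
    $body .= $line;
  }
  return $body . join('', @held);      # unterminated region
}

# Constructed sample input: one genuine region, one that only looks like one.
my @genuine = ("begin 644 a.bin\n", pack('u', 'constructed attachment bytes'),
               "`\n", "end\n", "visible text\n");
my @lookalike = ("begin 644 a.bin\n", "TEXT-WITHOUT-SPACES\n", "end\n");

print "genuine:\n",   body_text(\@genuine);
print "lookalike:\n", body_text(\@lookalike);
```

The genuine region is dropped and only the following text reaches the body, while the lookalike region is kept whole so body rules still run on it.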


