Mailing List Archive

FROM_IN_TO_AND_SUBJ hits on emails with empty subject
meta           FROM_IN_TO_AND_SUBJ  (__TO_EQ_FROM && __SUBJ_HAS_FROM_1)
header         __SUBJ_HAS_FROM_1    ALL =~ /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism

If the from and the to are identical and the subject is empty, this rule
hits, e.g.

From: customer@example.com
Subject:
To: "Scan PC" <customer@example.com>

Since there is no restriction for \n in the \s+ after the subject, the
/to/ in the next line is matched. An easy fix would be to change \s+ by
[ \t]+ or something similar. The rule could also be cancelled by
__SUBJECT_EMPTY
Re: FROM_IN_TO_AND_SUBJ hits on emails with empty subject [ In reply to ]
On Wed, 30 Jan 2019, Olivier Coutu wrote:

> meta           FROM_IN_TO_AND_SUBJ  (__TO_EQ_FROM && __SUBJ_HAS_FROM_1)
> header         __SUBJ_HAS_FROM_1    ALL =~
> /\nFrom:\s+(?:[^\n<]{0,80}<)?([^\n\s>]+)>?\n(?:[^\n]{1,100}\n)*Subject:\s+[^\n]{0,100}\1[>,\s\n]/ism
>
> If the from and the to are identical and the subject is empty, this rule
> hits, e.g.
>
> From: customer@example.com
> Subject:
> To: "Scan PC" <customer@example.com>
>
> Since there is no restriction for \n in the \s+ after the subject, the /to/
> in the next line is matched. An easy fix would be to change \s+ by [ \t]+ or
> something similar. The rule could also be cancelled by __SUBJECT_EMPTY

Thanks for the report, I will fix that tonight.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
So Microsoft's invented the ASCII equivalent to ugly ink spots that
appear on your letter when your pen is malfunctioning.
-- Greg Andrews, about Microsoft's way to encode apostrophes
-----------------------------------------------------------------------
2 days until the 16th anniversary of the loss of STS-107 Columbia