On Wed, Mar 12, 2003 at 11:27:56PM -0600, Matthew S. Hallacy wrote:
> That's because you're scanning before the footer is added:
> 
> 20_ratware.cf:header RATWARE_GROUPMAIL  ALL =~ /Group Mail/
> 20_ratware.cf:describe RATWARE_GROUPMAIL        Bulk email software fingerprint (Group Mail) found in headers
> 50_scores.cf:score RATWARE_GROUPMAIL 2.900
> 
> "Twin Cities Linux Users Group Mailing List"
>                          ^^^^^^^^^^
> 
> I emailed the spamassassin guys, they didn't reply, a small change
> in the footer (such as an extra space) would fix it.

Assuming you're running the latest version, they must have simplified
(and broken) that rule somewhere along the way.  With the current
Debian woody version (2.20), I've got:

20_head_tests.cf:header RATWARE ALL =~ /(?:4\.\.72\.1712\.3|ACE Contact Manager|Aristotle Mail|Avalanche|Calypso|clansoft|Cognigen|Cyber-Bomber|Crescent|DiffondiCool|Dynamic Mail Server|CTMailer|E-Broadcaster|E-mail Magnet|Ellipse Bulk Emailer|EmailBlaster|Emailer.Platinum|eMerge|Extractor|Floodgate|FlashSend|Goldrush|Group Mail|Internet Marketing|Mailcast|MailKing|MassE-Mail|massmail\.pl|Matchmaker|NetMailer|News Breaker|pop3.report|RamoMail|Ready Aim|Shopping.Planet|Stalker.s|TBBS\/TIGER|TOO BAD|TotalMailTURBO Mail|V3,1,6,1|V3,1,2,0|V3,2,2,0|V.null.\.1712\.3|WindoZ|WinNT.s.Blat|WorldMerge|YMR)/
20_head_tests.cf:describe RATWARE               Bulk email software fingerprints found in headers
50_scores.cf:score RATWARE                        -0.703

Simply changing the test to /\bGroup Mail\b/ seems like it should be
sufficient to fix that rule.

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

_______________________________________________
Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list