[Esd-l] Sanitizer and SpamAssassin

John D. Hardin jhardin at impsec.org
Sat Apr 10 09:51:08 PDT 2004


At work I'm now using SpamAssassin along with the sanitizer, and
noticed that the image defanging was interfering with SpamAssassin's
built-in image rules.

So I fiddled around a bit, and now SA treats DEFANGED_IMG as
equivalent to IMG (etc. for the rest of the tags).

Anybody who's running SA 2.63 after the sanitizer is welcome to use
this patch as well. If you're running SA *before* the sanitizer it's
not necessary.

Download it, and cd to wherever the SA files are installed (in my
case, /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/) and then run:

        cp HTML.pm HTML.pm.old                (always back up!)
        patch < SA-Sanitizer.patch

The SA developers don't want to try to deal with a multitude of
possible ways to mangle HTML, so it makes sense that this patch should
be hosted by me.

Patch is available at:


(and on the mirrors as well)

Not sanitizer related:

I've also written a little perl script that will generate SA rules for
obfuscated words from a word list. You can use it to generate a useful
ruleset by itself, or as a starting point for more complicated rules.

Try it out! I've found it quite handy.


As always, comments solicited on both. Enjoy!

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
   206 days until the Presidential Election

More information about the esd-l mailing list