Fuz2 false positive

Jeff Mincy mincy@rcn.com
Tue Apr 22 13:19:42 UTC 2008


   From: Vernon Schryver <vjs@calcite.rhyolite.com>
   Date: Sat, 19 Apr 2008 02:26:53 GMT
   
   > From: "Paul R. Ganci" <ganci@nurdog.com>
   
   > dcc_fuz2_max NUMBER
   >
   >     This option sets how often a message's body/fuz1/fuz2 checksum must
   >     have been reported to the DCC server before SpamAssassin will
   >     consider the DCC check as matched. 
   >
   >     As nearly all DCC clients are auto-reporting these checksums, you
   >     should set this to a relatively high value, e.g. |999999| (this is
   >     DCC's MANY count).
   >
   >     The default is |999999| for all these options.
   >
   > Since DCC's many count is 999999 then setting this to 1000000 (or 
   > higher) should in principle disable the fuz2 check in spamassassin since 
   > spamassassin should never get a count higher.
   
   The internal numeric equivalent of the DCC checksum value "MANY" is
   *not* 999999.  999999 is merely the number to which SpamAssassin
   translates the string "MANY".  The true internal value is almost 17
   times larger than 999999.  I'll not say what the value is to forestall
   other ill-advised translations of "many."  "Many" is simply the largest
   possible value of a DCC checksum count.  Think of it as like a mathematical
   projective infinity or like IEEE 754 floating point +infinity.

   To turn off the FUZ2 checksum, try teaching SpamAssassin to look for
   the string "bulk" in the X-DCC header instead of any particular number.
   (SpamAssassin may already look for "bulk" in X-DCC headers; I've forgotten
   and don't feel like looking at the SpamAssassin source yet again.)
   ...
   Vernon Schryver    vjs@rhyolite.com

SpamAssassin translates body/fuz1/fuz2 values of "many" to 999999 and
then compares the translated body/fuz1/fuz2 values to
dcc_body_max/dcc_fuz1_max/dcc_fuz2_max which default to 999999.  So,
by default the DCC_CHECK test hits if at least one of the
body/fuz1/fuz2 values is "many".

SpamAssassin will short-circuit if there is an X-DCC header with
"bulk".  Otherwise, SpamAssassin uses either dccproc or dccifd to get
the DCC response.
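
The comparison described in this thread, as an added Python example that is not part of the original post and is not SpamAssassin's own code. It assumes the X-DCC value has the form "host id; [bulk] Body=N Fuz1=N Fuz2=N", that an existing "bulk" is treated as a match, and that a count matches when it is greater than or equal to its dcc_*_max setting; the header values are constructed samples.

```python
import re

MANY = 999999  # number SpamAssassin substitutes for the string "many" (per the thread)
DEFAULT_MAX = {"body": MANY, "fuz1": MANY, "fuz2": MANY}  # dcc_*_max defaults

# Constructed sample X-DCC header values (not taken from real mail).
FUZ2_MANY = "mail.example.com 1234; Body=1 Fuz1=1 Fuz2=many"
BULK = "mail.example.com 1234; bulk Body=many Fuz1=many Fuz2=many"
LOW = "mail.example.com 1234; Body=3 Fuz1=0 Fuz2=12"


def parse_counts(header_value):
    """Return ({'body': n, 'fuz1': n, 'fuz2': n}, bulk_flag)."""
    # Only the part after the first ';' carries result words and counts,
    # so a hostname containing "bulk" cannot trigger the flag.
    _, _, results = header_value.partition(";")
    bulk = re.search(r"\bbulk\b", results, re.I) is not None
    counts = {}
    for name, value in re.findall(r"\b(Body|Fuz1|Fuz2)=(many|\d+)", results, re.I):
        # "many" has no numeric form on the wire; it is mapped to 999999 here.
        counts[name.lower()] = MANY if value.lower() == "many" else int(value)
    return counts, bulk


def dcc_check(header_value, limits=DEFAULT_MAX):
    """Return (hit, reason) for one X-DCC header value."""
    counts, bulk = parse_counts(header_value)
    if bulk:
        # Assumption: an existing "bulk" short-circuits to a match.
        return True, "bulk"
    hits = [k for k in ("body", "fuz1", "fuz2") if counts.get(k, 0) >= limits[k]]
    return bool(hits), ",".join(hits)


if __name__ == "__main__":
    no_fuz2 = dict(DEFAULT_MAX, fuz2=1000000)  # dcc_fuz2_max 1000000
    for sample in (FUZ2_MANY, BULK, LOW):
        print(sample)
        print("  defaults:            ", dcc_check(sample))
        print("  dcc_fuz2_max 1000000:", dcc_check(sample, no_fuz2))
```

With the defaults, a lone Fuz2=many is enough for a hit. Raising only the fuz2 limit above 999999 removes that hit, because the translated count can never exceed 999999, while a header that already says "bulk" still matches.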


