SpamAssassin 3.4.5 spam filtering system released with a vulnerability fix

SpamAssassin 3.4.5, a new release of the spam filtering platform, is available. SpamAssassin takes an integrated approach to blocking decisions: each message is subjected to a number of checks (context analysis, DNSBL black and white lists, trained Bayesian classifiers, signature verification, sender authentication using SPF and DKIM, etc.). As the message is evaluated by these different methods, a weighted score accumulates. If the calculated score exceeds a certain threshold, the message is blocked or marked as spam. Automatic updating of filtering rules is supported. The package can be used on both client and server systems. The SpamAssassin code is written in Perl and distributed under the Apache license.

The new release fixes a vulnerability (CVE-2020-1946) that could allow an attacker to execute system commands on the server when unverified blocking rules obtained from third-party sources are installed.
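An added example (not from the original article or the SpamAssassin project): one way to keep unverified rule files out of a deployment is to compare every `.cf` and `.pre` file in a staging directory against a manifest of SHA-256 digests recorded when the files were reviewed. The manifest layout, the file names and the function names are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# SpamAssassin reads configuration from *.cf and *.pre files, so audit both.
RULE_SUFFIXES = {".cf", ".pre"}

def sha256_file(path):
    """Hex SHA-256 of a rule file (rule files are small, so read whole)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style 'HEXDIGEST  name' lines into {name: digest}."""
    pinned = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            pinned[name.strip().lstrip("*")] = digest.lower()
    return pinned

def audit_rules(rule_dir, pinned):
    """Sort rule files into ok / modified / unreviewed; list pinned files not on disk."""
    report = {"ok": [], "modified": [], "unreviewed": [], "missing": []}
    for path in sorted(Path(rule_dir).rglob("*")):
        if not path.is_file() or path.suffix not in RULE_SUFFIXES:
            continue
        name = path.relative_to(rule_dir).as_posix()
        if name not in pinned:
            report["unreviewed"].append(name)
        elif sha256_file(path) != pinned[name]:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    report["missing"] = sorted(set(pinned) - set(report["ok"] + report["modified"]))
    return report

def demo():
    """Constructed sample: reviewed, altered-after-review, never-reviewed and missing files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "local.cf").write_text("required_score 5.0\n")
        (root / "vendor.cf").write_text("score VENDOR_RULE 2.0\n")
        (root / "extra.pre").write_text("# constructed file, not in the manifest\n")
        manifest = (f"{sha256_file(root / 'local.cf')}  local.cf\n"
                    f"{'0' * 64}  vendor.cf\n{'0' * 64}  removed.cf\n")
        return audit_rules(root, parse_manifest(manifest))

if __name__ == "__main__":
    print(demo())
```

Anything reported as `modified` or `unreviewed` should block the copy into the live rules directory until someone has read the file.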

Non-security related changes include improvements to the OLEVBMacro and AskDNS plugins, improvements to the process of matching data in the Received and EnvelopeFrom headers, fixes in the userpref SQL schema, code improvements for rbl and hashbl checks, and a fix for TxRep tags.

It is noted that development of the 3.4.x series has been discontinued and no further changes will be committed to this branch. An exception is made only for vulnerability fixes, in which case a 3.4.6 release will be produced. All developer activity is focused on the 4.0 branch, which will implement full-fledged native UTF-8 processing.

Source: opennet.ru
