Bug in amavisd-new, or p5-DBD-mysql? (was: Re: false positives, tagged_above=0, and spam threshold)

David Newman dnewman at networktest.com
Mon Dec 31 23:08:12 CET 2018 


On 12/12/18 11:40 AM, Matus UHLAR - fantomas wrote:
>>> On 8/27/18 12:40 PM, David Newman wrote:
>>>> Again answering my own post: After a lot of searching, I found reports
>>>> of a previously known type-conversion bug in the Perl DBD-MySQL module
>>>> (aka p5-DBD-mysql on FreeBSD):
>>>>
>>>> https://github.com/perl5-dbi/DBD-mysql/issues/78
>>>>
>>>> https://lists.amavis.org/pipermail/amavis-users/2016-December/004674.html
>>>>
> 
>> On 8/29/18 8:35 AM, David Newman wrote:
>>> This post claims the problem is with amavisd-new, and not p5-DBD-mysql:
>>>
>>> https://de.postfix.org/pipermail/amavis-users/2017-January/004711.html
>>>
>>> Quoting: "The change is that [as of 4.038] p5-DBD-mysql now returns
>>> mysql doubles as perl doubles and mysql floats as perl floats (and not
>>> as a string anymore). This should be adressed [sic] by amavisd."
>>>
>>> In a followup, the maintainer for the Debian port of amavisd-new asks
>>> for more info to look into a patch, but that was in January 2017 and the
>>> port is still broken.
>>>
>>> I'm frankly not qualified to answer: Is this an amavisd problem, or a
>>> p5-DBD-mysql problem? As it is, amavisd-new is getting bad data.
> 
> On 12.12.18 09:33, David Newman wrote:
>> Was this data typing problem in amavisd-new ever resolved? As a
>> workaround, I'm still running an outdated version of p5-DBD-mysql with
>> other security issues, and now it's blocking an OS update.
>>
>> The current version of p5-DBD-mysql correctly handles perl doubles, but
>> amavisd-new then erroneously inserts tagged_above=0 values.
> 
> I don't see mention of this in amavis-2.11.1 release notes
> https://gitlab.com/amavis/amavis/blob/4766b478e8a9dab42359adf1fe718b3c684baa11/RELEASE_NOTES
> 
> 
> not issue report on gitlab
> https://gitlab.com/amavis/amavis/issues
> 
> please at least file a report

Sorry for the delay in responding.

I did open this as an issue two months ago, and haven't heard back:

https://gitlab.com/amavis/amavis/issues/7

I also posted this issue on this mailing list several months ago
(referenced in the Gitlab issue report above).

The same behavior exists with newer versions:

amavisd-new-2.11.1,1
p5-DBD-mysql-4.048 (or with any version later than 4.037)
spamassassin-3.4.2_2
mysql57-server-5.7.24_4
FreeBSD 12.0-RELEASE-p1

tl;dr version of the problem: amavisd-new creates many false positives
and inserts tagged_above=0 headers for mail below the configured spam
threshold

Please let me know if you need further info.

Regards,
David Newman

More information about the amavis-users mailing list