SpamAssassin v3.2.0 can cause very high loads in MailScanner

There is a bug in many rules that used to work fine for versions of SpamAssassin prior to v3.2.0. This new release affects some regex traps when non-ascii characters are pushed through them. The generated error causes the SpamAssassin checks in MailScanner to loop which can result in extraordinary high server loads.The included SpamAssassin rules with v3.2.0 appear to be fine (to our knowledge at present) but some third-party ones are not. These include some from the SARE repository used by the openprotect service:http://www.gossamer-threads.com/lists/spamassassin/users/100450It’s worth noting that we have only seen this issue arise on one server so far since the release of SpamAssassin v3.2.0.If you experience this problem, or want to avoid it, you will have to disable the openprotect rules from our MailScanner package script /root/sa_rules.shYou can do this by commenting out the appropriate line so that the file looks like:

#!/bin/sh/usr/bin/sa-update#/usr/bin/sa-update –nogpg –channel saupdates.openprotect.com/sbin/service MailScanner reload

You then need to remove any download rules using:

rm -Rfv /var/lib/spamassassin/3.002000/saupdates_openprotect_com/

You can then re-enable by removing the # in the openprotect line in /root/sa_rules.sh once these issues have been fixed.Of course, the downside to all this is that SpamAssassin will be less able to assign higher scores to likely spam.