KB_FAKED_THE_BAT

Hello all,

Just an FYI ...

The meta rule in 72_active.cf "KB_FAKED_THE_BAT" is getting circumvented
here because the meta rule component

 header   __KB_DATE_CONTAINS_TAB  Date:raw =~ /^\t

is being evaded by spam that now has a space character before the tab:

# grep Date: HEADERS | od -a
0000000   D   a   t   e   :  sp  ht   T   h   u   ,  sp   3  sp   M   a
0000020   y  sp   2   0   1   2  sp   1   6   :   5   3   :   5   9  sp
0000040   +   0   7   0   0  nl
0000046vi H*

This has been Russian language spam (charset koi8-r) with various
flavors of X-Mailer: The Bat!

-- Mike G.