According to http://marc.theaimsgroup.com/?l=spamassassin-announce&m=111886630726077&w=2 , SpamAssassin (versions 3.0.1-3.0.3) seems to be vulnerable to DoS attacks with certain misformatted long message headers causing sa to take a long time. I don't know the "correct" procedure, but shouldn't the old version of sa be marked hard-masked now? Reproducible: Didn't try Steps to Reproduce: This might be somehow related to bug #95492, though I'm not sure about that.
*** This bug has been marked as a duplicate of 94722 ***