https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7945
Bug ID: 7945
Summary: Body rule matches base64 encoded attachment
Product: Spamassassin
Version: 3.4.2
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
Before I begin, sorry for the bad words.
I have the following rule:
> body P_BODY_EROTIC_2 /\b(s[ex][x*]y*)/i
> score P_BODY_EROTIC_2 4.00
> describe P_BODY_EROTIC_2 Contains erotic words (lvl 2)
This matches '\SEX' in the following part:
> --e377776277b5f9ac75ca38cb114545fc401b0359200d8ee9b8ec0316f84f
> Content-Type: application/pdf; name="Factuur 2106332.pdf"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="Factuur 2106332.pdf"
> X-EC0D2A8E-5CB7-4969-9C36-46D859D137BE-PartID:
> {66A1DC8F-3630-46E7-B4E5-672C81303766}
>
> Nzhvcv2E1rvucD9JG90/o+2OLe699KL7EB1wf0Rvuo/SEXcfvI47mzLd5RRyD3FPoIjbpUX8mQM1
> sPFA+9eV+NSezsous7uH+chNYrzjuuAwYQRwrYhQWdOSk8AxVX8Ko26Al8Mvh6kqerxviNvhdJa6
> 3Okul5sUWS41jz1pbje5zTNMusPtUkjSqpKl5CJnJBJxtbpkV6eU90xEa9VkDa6IKyhHpKKkD37H
> 7Pxxbs6x2cdm52Z//NZsc3NZTXTtxCcWTroPJzVB/bUOLnT/xR6v4xN1oq1jT9SJU0JpAyTpp11L
> f/5WaSA7/NGOrgvV0LHrz18+9TL5BsGVOpG2HVzp1z56DpwV5Ui2181TkuYWDJMJk62Txl57DUGL
NB: Above part has invalid base64, because it's only a small part of the full
attachment (to avoid sharing PII).
It looks like this attachment is seen as text and added to the `body` part
as-is. Obviously this isn't text the user normally sees, since the base64
doesn't say anything about this actual attachment contents.
Therefore — in my opinion — base64 encoded (non-textual?) attachments should be
ignored.
This bug might possibly be related / caused by #872 or #1259.
--
You are receiving this mail because:
You are the assignee for the bug.
