On 2021-12-14 at 13:18:09 UTC-0500 (Tue, 14 Dec 2021 19:18:09 +0100)
Matus UHLAR - fantomas
is rumored to have said:
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
from what I remember
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
from what I remember, normalize_charset should not be used until SA 4.*
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
On 12/14/2021 5:36 AM, Benoît Panizzon wrote:
How do I do this? There is no rawheader or rawbody matcher as far as I
could determine.
The :raw modifier is what you're looking for:
header PP001 Subject:raw =~ /=\?UTF-8\?Q\?=E2=9C=85_Dein_Paket/
You can use the decoded/literal format
On Tue, Dec 14, 2021 at 11:36:00AM +0100, Benoît Panizzon wrote:
> Hi Gang
>
> At the moment we see a lot of phishing emails with UTF-8 encoded
> subject containing emojis like:
>
> =?UTF-8?Q?=E2=9C=85_Dein_Paket_wartet_auf_dich!_-14.12.2021-?=
>
> I noticed a Rule:
>
> headerPP001 Subj
How do I do this? There is no rawheader or rawbody matcher as far as I
could determine.
There is 'rawbody', but it may or may not help you. I seem to recall the
Subject is prepended to the body text, but I don't recall if it is prepended
to rawbody. You could try it.
Short of that, you may h
Hi Gang
At the moment we see a lot of phishing emails with UTF-8 encoded
subject containing emojis like:
=?UTF-8?Q?=E2=9C=85_Dein_Paket_wartet_auf_dich!_-14.12.2021-?=
I noticed a Rule:
header PP001 Subject =~ /=\?UTF-8\?Q\?=E2=9C=85_Dein_Paket/
is not matching.
Neiter does: /Dein_Paket/
Bu
