Justin Mason wrote:

> If you have a base64-encoded mail that SpamAssassin cannot see
> inside, it's a bug and should be filed as such at
> http://bugzilla.SpamAssassin.org/ .

I have done this, reporting the bug for SA 2.55:

  http://bugzilla.spamassassin.org/show_bug.cgi?id=2091

The problem with this spam was two blank lines between the MIME header
and the start of the base-64 block.  Reducing it to 1 blank line
produced vastly different and more detailed SA results, correctly
identifying it as spam.

Minutes later, Theo Van Dinter wrote to the bug that it is solved in
version 2.60.


There are all sorts of ways in which MIME headers can be mangled and
email clients will still read them OK.  This turned up with a virus
which escaped Anomy Sanitizer's attention, due to extra spaces around
the "=" in the filename lines.  There was an easy fix, and the next
version will cope with it fine.  See:

  http://mailtools.anomy.net/archives/anomy-list/2003-06/

I think that SpamAssassin faces the same challenge in, ideally, having
to cope with every mangled MIME header that clients might successfully
read - because spammers and virus writers alike, through their own
cluelessness and/or their desire to fool filters, will explore the
limits of mangling the headers.


Sorry for assuming that SA couldn't read into base-64 blocks.  I assumed
that base-64 was only properly used for non-text/HTML purposes, as seems
to be generally the case.  I suppose I should have imagined that someone
would have written a mail client to do this, just to be different.  As
Alain Fauconnet wrote, there are such things, such as the vile
"feature"-encrusted:

    http://www.incredimail.com   (12 million downloads)

with animated graphic smilies for newbies who are innocently clueless
about the mess such overcomplex messages would make on non-compatible
clients.

What I wrote about changing the score of the test:

  score BASE64-ENC-TEXT  100.0

should have been with underscores:

  score BASE64_ENC_TEXT  (whatever)

For now, I will leave mine set to 5.0.  Other people who are more fussy
about false positives will need to be more cautious, as wiser people
have advised.

  - Robin
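
The two manglings described in the message above (spaces around the "=" in a filename line, and two blank lines before the base64 block), run through a strict and a tolerant parser. This is an added example, not part of the original post and not SpamAssassin or Anomy Sanitizer code; the sample part, the filename, and both parser behaviours are constructed assumptions.

```python
import base64
import re

# Constructed sample (not the message from the bug report): spaces around "="
# in the filename parameter, and two blank lines before the base64 block.
HTML = b"<html><body>Buy now!</body></html>"
SAMPLE_PART = (
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename = "offer.html"\r\n'
    "\r\n"
    "\r\n" + base64.b64encode(HTML).decode("ascii") + "\r\n"
)

# Hypothetical strict form allows no whitespace around "="; the tolerant one does.
STRICT_PARAM = r';\s*{name}=("[^"]*"|[^\s;]+)'
TOLERANT_PARAM = r';\s*{name}\s*=\s*("[^"]*"|[^\s;]+)'


def split_part(raw):
    """Split at the first blank line into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in re.sub(r"\r\n[ \t]+", " ", head).split("\r\n"):  # unfold
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return headers, body


def get_param(header_value, name, tolerant):
    """Return a header parameter such as filename, or None if not matched."""
    pattern = TOLERANT_PARAM if tolerant else STRICT_PARAM
    m = re.search(pattern.format(name=re.escape(name)), header_value, re.I)
    return m.group(1).strip('"') if m else None


def decode_base64_body(body, tolerant):
    """Strict: stop at the first blank line. Tolerant: skip leading blank lines."""
    lines = body.split("\r\n")
    if tolerant:
        while lines and not lines[0].strip():
            lines.pop(0)
    block = []
    for line in lines:
        if not line.strip():
            break
        block.append(line.strip())
    return base64.b64decode("".join(block))
```

With the sample part, the strict path finds no filename and decodes an empty body, while the tolerant path recovers both, which is the gap between what a filter scans and what a lenient mail client displays.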


_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk