base64 spam

[Barry Gould]

<x-flowed>

At 06:06 PM 11/7/2002, Allyn Fratkin wrote:
this should be the same but more succinct:
>:0fHB
>* B ?? ^X-Bogosity: No
>* ? unbase64 | bogofilter
>| formail -I"X-Bogosity: Yes, tests=bogofilter-unbase64"

Hi Allyn,
I'm guessing this checks spam status, and if bogofilter says NO, it then 
runs it through unbase64 and bogofilter again.

Would it instead be possible to look for
"Content-Transfer-Encoding: base64"
in the message header to decide where to use unbase64 or not?

I know it is possible to have a multipart message, but after a quick look 
over all my base64 spam from this week, it looks like almost all the 
multipart messages I recieved were worms, not spam.
Regardless, if spammers start sending multipart, we could check for a 
"multipart" tag in the headers, or for "Content-Transfer-Encoding: base64" 
in the body.

Does that make sense/sound reasonable?

Also, I'd like to thank everyone for their help!

Thanks,
Barry
</x-flowed>