base64 spam
Barry Gould
BarryGould at PennySaverUSA.net
Fri Nov 8 19:55:00 CET 2002
<x-flowed>
At 06:06 PM 11/7/2002, Allyn Fratkin wrote:
this should be the same but more succinct:
>:0fHB
>* B ?? ^X-Bogosity: No
>* ? unbase64 | bogofilter
>| formail -I"X-Bogosity: Yes, tests=bogofilter-unbase64"
Hi Allyn,
I'm guessing this checks spam status, and if bogofilter says NO, it then
runs it through unbase64 and bogofilter again.
Would it instead be possible to look for
"Content-Transfer-Encoding: base64"
in the message header to decide where to use unbase64 or not?
I know it is possible to have a multipart message, but after a quick look
over all my base64 spam from this week, it looks like almost all the
multipart messages I recieved were worms, not spam.
Regardless, if spammers start sending multipart, we could check for a
"multipart" tag in the headers, or for "Content-Transfer-Encoding: base64"
in the body.
Does that make sense/sound reasonable?
Also, I'd like to thank everyone for their help!
Thanks,
Barry
</x-flowed>
More information about the Bogofilter
mailing list