Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Kai Schaetzl
Michael Bell wrote on Thu, 19 Jun 2003 09:59:34 -0700 (PDT): > Base64 is used quite legitimately by Outlook, Notes, and GW, in > international settings. > I partly disagree. You can use QP. I don't know how this works for Asian characters, but it works well for European languages. Not to mention

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Alan Leghart
--On Thursday, June 19, 2003 1:54 PM +1000 Robin Whittle <[EMAIL PROTECTED]> wrote: Does anyone know of a single non-spam message which is sent this way? What software, other than that of spammers, would generate such messages? If these two questions draw a blank, then perhaps the score for th

[SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Michael Bell
Abigail - No. Sorry. You are incorrect. It's understandable that you are, but let me explain. Base64 is used quite legitimately by Outlook, Notes, and GW, in international settings. Clearly you don't do much business with Eastern Europe or Asia - their mail is riddled with it (not just the spam yo

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Kai Schaetzl
Robin Whittle wrote on Thu, 19 Jun 2003 13:54:26 +1000: > unless there really are legitimate messages being sent with > base-64 encoding: > yes, there are, because some )()%&$% email programs, most notably Outlook Express, offer this encoding for text messages. And, yes, SA decodes them and appl

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Robin Whittle
Justin Mason wrote: > If you have a base64-encoded mail that SpamAssassin cannot see > inside, it's a bug and should be filed as such at > http://bugzilla.SpamAssassin.org/ . I have done this, reporting the bug for SA 2.55: http://bugzilla.spamassassin.org/show_bug.cgi?id=2091 The problem wit

Re: Re[2]: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Daniel Quinlan
Abigail Marshall <[EMAIL PROTECTED]> writes: > Also, you have said that SA parses out the Base64 comment, but the > post that started this discussion came from someone who had a heavily > porn-laden piece of spam come through, and their SA failed to register > any tests on the body. A sample size

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Tony Earnshaw
Robin Whittle wrote: Thanks for this Abigail: Abigail hasn't, but I have. I would simply recommend that you raise the score in the local.cf file for the SA test BASE64_ENC_TEXT to near or above your minimum spam threshold. I have yet to see a *valid* email that is Base-64 encoded. Indeed. From

Re[2]: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Abigail Marshall
Hello Daniel, Wednesday, June 18, 2003, 11:17:06 PM, you wrote: DQ> Well, the rule (renamed in 2.60-cvs) does false positive about 0.03% of DQ> the time: Thanks for the detailed explanation. I think the nice thing about SA is that it is user customizable - a false positive rate of more than 0.

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Daniel Quinlan
Robin Whittle <[EMAIL PROTECTED]> writes: > It's my impression that for these two reasons: > > 1 - SpamAssassin and maybe other filtering systems don't read the > decoded contents of base-64 encoded material. Wrong. It does. > 2 - SpamAssassin scores this encoding only moderately positi

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Justin Mason
Robin Whittle said: > 1 - SpamAssassin and maybe other filtering systems don't read the > decoded contents of base-64 encoded material. Certainly not the case. If you have a base64-encoded mail that SpamAssassin cannot see inside, it's a bug and should be filed as such at http://bugzilla.S

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Daniel Quinlan
Abigail Marshall <[EMAIL PROTECTED]> writes: > Apparently so; but it does correctly identify the email as being > base-64 encoded. I would simply recommend that you raise the score in > the local.cf file for the SA test BASE64_ENC_TEXT to near or above > your minimum spam threshold. I have yet to

Re[2]: [SAtalk] Base-64 encoded HTML and text spam

2003-06-19 Thread Abigail Marshall
Hello Robin, RW> Indeed. From now on such messages have a one-way ticket to RW> the spam pit: RW> score BASE64-ENC-TEXT 100.0 Hmm, given Alain's comments, it might be better to simply assign a score close to the default spam threshold for your system, for reasons I will detail below. RW>

Re[2]: [SAtalk] Base-64 encoded HTML and text spam

2003-06-18 Thread Abigail Marshall
AF> On Thu, Jun 19, 2003 at 01:54:26PM +1000, Robin Whittle AF> wrote: >> Thanks for this Abigail: >> >> > I have yet to see a >> > *valid* email that is Base-64 encoded. >> AF> Lucky you. I see quite a few. The crappy e-mail client "Incredimail" AF> that is unfortunately quite popular likes t

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-18 Thread Alain Fauconnet
On Thu, Jun 19, 2003 at 01:54:26PM +1000, Robin Whittle wrote: > Thanks for this Abigail: > > > I would simply recommend that you raise the score in the > > local.cf file for the SA test BASE64_ENC_TEXT to near or > > above your minimum spam threshold. I have yet to see a > > *valid* email that

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-18 Thread Robin Whittle
Thanks for this Abigail: > I would simply recommend that you raise the score in the > local.cf file for the SA test BASE64_ENC_TEXT to near or > above your minimum spam threshold. I have yet to see a > *valid* email that is Base-64 encoded. Indeed. From now on such messages have a one-way tick

Re: [SAtalk] Base-64 encoded HTML and text spam

2003-06-18 Thread Abigail Marshall
RW> Does this mean that SpamAssassin is blind to the contents of base-64 RW> encoded HTML? Apparently so; but it does correctly identify the email as being base-64 encoded. I would simply recommend that you raise the score in the local.cf file for the SA test BASE64_ENC_TEXT to near or above your

[SAtalk] Base-64 encoded HTML and text spam

2003-06-18 Thread Robin Whittle
One of the few false negatives I mentioned in a recent message was an HTML spam, where the HTML message was encoded as base-64. The start of the message body is: -- --=_NextPart_F83_4BC1_E4708BB4.69BBB339 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Enc