Hi there. I'm new to the SpamAssassin world, so I hope this issue hasn't been discussed to death already.
SpamAssassin first come to my attention on the MIMEDefang mailing list when SA integration was added to 'Fang. I've been playing with it for a little while now, and I've been very pleased with the results. However, I noticed that a few messages which were clearly spam were sneaking through just under the threshold. It wasn't immediately obvious why this should be since the messages had all the hallmarks of blatant spam which typically gets quite a high score. I determined that the messages in question had their bodies base64 encoded. It would appear that SpamAssassin isn't decoding the base64 strings prior to doing its analysis. Since I'd been in the habit of manually decoding such messages so that I could report them via SpamCop, I did some testing. I took one of the messages which had scored 4.2 (threshold is the default 5.0), manually decoded the base64 string, and built a message using the same headers and the decoded message body. Using the commandline version of SA 2.01, I checked the decoded message and the score jumped to 19.1. Checking with SA 1.5 on a different machine, the score was 25. I had similar results with other messages. Some of them weren't as dramatic, but nearly all of the scores were bumped over the spam threshold due to hits from the decoded message body. Has anyone considered adding base64 decoding functionality to SpamAssassin in order to improve its accuracy on such messages? ---- Nels Lindquist <*> Information Systems Manager Morningstar Air Express Inc. _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
