Hrmm, even better would be the following header check, which should be faster to process and harder to fake:
header PGP_MIME_SIGNATURE Content-Type =~ /multipart\/signed;
micalg.*application\/pgp-signature"/s
describe PGP_MIME_SIGNATURE Contains PGP-signed MIME attatchement
Due to every multipart/signed message I've seen containing a header
line similar to:
Content-Type: multipart/signed; micalg=pgp-DIGEST;
protocol="application/pgp-signature"; boundary="SomeBase64Mumble"
--
Jeremy Mates http://www.sial.org/
OpenPGP: 0x11C3D628 (4357 1D47 FF78 24BB 0FBF 7AA8 A846 9F86 11C3 D628)
msg01865/pgp00000.pgp
Description: PGP signature
