I just got a spam that slipped through SA, which is only a sound file; since you can't find spammish words and phrases in a sound file, it'll get past any filters that there might be.
The same spam had another intersting technique, like thus (after decoidng quoted-printable): <iframe src=cid:V34tfyBO41605h49r height=0 width=0> </iframe> Since "V34tfyBO41605h49r" is the sound file, a mail reader with better HTML rendering would have created a frame with the sound file as it's source, thus automatically playing it. No need to click an attachment; just look at that message and it starts blaring out it's message at you. We should probably check for frames and iframes that have a height or width of zero, since invisible frames are probably up to no good. -- Visit http://dmoz.org, the world's | Give a man a match, and he'll be warm largest human edited web directory. | for a minute, but set him on fire, and | he'll be warm for the rest of his life. [EMAIL PROTECTED] ICQ: 132152059 | _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
