> Did you play it? (or at least look at it more closely) Is it really a > sound file? Some viruses lately are wandering around with different > filenames and content-types. foo.exe and audio/wav, that sort of thing. > > (I'll bet that /<i?frame /i itself is a decent spam indicator ...)
I think that would be a great addition to SA, although I see more virus emails formatted like that than actual spam. I'm trying the following in my custom rules file: rawbody HTML_FRAMES /<i?frame /i describe HTML_FRAMES HTML with an embedded frame score HTML_FRAMES 4.0 (Actually I'm using Outlook 2000 and I still don't see or hear the content anyway, since I have iframes turned off in the security settings.) -- michael moncur mgm at starlingtech.com http://www.starlingtech.com/ "Research is the process of going up alleys to see if they are blind." -- Marston Bates _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
