Does anyone have an eval rule for an invalid encoding header? I often see spam with this pattern:
From: Roland Contomichalos <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Ultimate HGH 1000 - Lose Weight while you sleep Date: Fri, 04 Oct 2002 11:35:14 -0400 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Spam-Prev-Content-Type: text/html X-Spam-Prev-Content-Transfer-Encoding: 7bit PGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5VbHRpbWF0ZSBIR0ggMTAwMCAtIExvc2Ugd2VpZ2h0 IHdoaWxlIHlvdSBzbGVlcDwvdGl0bGU+DQo8L2hlYWQ+DQo8Ym9keSBiZ2NvbG9yPSIjRkZG RkYiPg0KPHRhYmxlIGJvcmRlcj0wIGFsaWduPSJjZW50ZXIiIHdpZHRoPTgwJT4NCjx0cj4N .............. Note that is was originally sent as text/html, but seems to be base64 encoded in the body. That inconsistency is what I want to detect. I'm using SpamAssassin 2.31 (I'm not able to upgrade right now). Erik ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
