> -----Original Message----- > From: Ryan Moore [mailto:[EMAIL PROTECTED] > Sent: Monday, August 25, 2003 2:51 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Spam using invalid Mime headers to bypass > SpamAssassin? > > > I got an email that made it by spamassassin with virtually no hits, > which looks like it used some wierd mime technique to get through > spamassassin. I put the source of the email at > http://h0b0.net/brokenmime.txt. I also edited the message and > put some > simple mime headers in it and passed it through spamassassin > and it got > 7.7 hits, I put the source of that at http://h0b0.net/fixedmime.txt. > > Is it valid to specify a different boundary in the mime > header (when not > attaching a rfc822 source message)? This message did that it appears, > though I'm no mime expert so I'm not sure if that is a valid > thing to do > or not. In any case, is this a bug of some sort with SpamAssassin? > > Ryan Moore > ---------- > Perigee.net Corporation > 704-849-8355 (sales) > 704-849-8017 (tech) > www.perigee.net >
There have been similar methods used in the past. I have forwarded a bunch today to 2 people and I am awaiting a reply. This is a base64+mime trick. The body, rawbody, and uri rules simply get skipped over due to this trick. They have basically taken it one step further and added this pic.gif part. I hadn't realised that in the original thread about this kind of email. Temporary trick. The devs should have an answer soon for it. --Chris Santerre ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
