> -----Original Message----- > From: Ryan Moore [mailto:[EMAIL PROTECTED] > Sent: Monday, August 25, 2003 2:51 PM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Spam using invalid Mime headers to bypass > SpamAssassin? > > > I got an email that made it by spamassassin with virtually no hits, > which looks like it used some wierd mime technique to get through > spamassassin. I put the source of the email at > http://h0b0.net/brokenmime.txt. I also edited the message and > put some > simple mime headers in it and passed it through spamassassin > and it got > 7.7 hits, I put the source of that at http://h0b0.net/fixedmime.txt. > > Is it valid to specify a different boundary in the mime > header (when not > attaching a rfc822 source message)? This message did that it appears, > though I'm no mime expert so I'm not sure if that is a valid > thing to do > or not. In any case, is this a bug of some sort with SpamAssassin? > > Ryan Moore > ---------- > Perigee.net Corporation > 704-849-8355 (sales) > 704-849-8017 (tech) > www.perigee.net > >
Acutally I've looked at it further. Your example is the same as the others using the trick. I have a question: Should a legit mime boundary contian only 2 lines with the boundary? Start and end? These seemed to be nested boundary lines. All having the same ID. If legit is supposed to only have a start and end boundary line, then someone should be able to right a quick eval to check for more then one instance of the original boundary tag. Comments? --Chris Santerre ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
