Hello Folks,

I wanted to test a theory so I've been trying to come up with a rule that
will catch encoded strings in the subject of a message.  So far I've tried
the rules below, but none of them are hitting.  Any suggestions?

rawbody  T_SBJT_ENC /^Subject: ?=\?(us\-ascii|iso\-8859\-1|windows\-1251)\?/i
describe T_SBJT_ENC Subject uses encoding (us-ascii, ISO or windows)
score      T_SBJT_ENC .01

full     T_SBJT_ENC /^Subject: ?=\?(us\-ascii|iso\-8859\-1|windows\-1251)\?/i
describe T_SBJT_ENC Subject uses encoding (us-ascii, ISO or windows)
score      T_SBJT_ENC .01

header   T_SBJT_ENC Subject =~ /=\?(us\-ascii|iso\-8859\-1|windows\-1251)\?/i
describe T_SBJT_ENC Subject uses encoding (us-ascii, ISO or windows)
score      T_SBJT_ENC .01

** Both the rawbody and full tests were also tried without the anchor. **

What I'm looking for are subject headers as shown below:

Subject: =?us-ascii?B?MCBNZW4sIGl0IHJlYWxseSB3b3JrcyEgZnA=?= iwsgfb
Subject: =?iso-8859-1?b?SSBhbSBub3cgdG90YWxseSBkZWJ0IGZyZWU=?=
Subject: =?windows-1251?B?QmExayBmaTF0ZXJzPyAtIGZvcmdldA==?=

I'm not sure if there is some type of decoding going on before the test is
applied or what.  When I run the same expression with egrep it picks up the
messages as expected.

-- Scott
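
Added example, not part of the original post: a Python sketch of the decoding effect the poster suspects. It uses the standard library email package (not SpamAssassin) to show that the post's pattern matches the raw Subject but not the RFC 2047-decoded one; the messages are constructed around the three Subject lines quoted above, and the sender address is a placeholder.

```python
import re
from email import message_from_string
from email.header import decode_header

# Charset test taken from the header rule in the post.
PATTERN = re.compile(r"=\?(us-ascii|iso-8859-1|windows-1251)\?", re.I)

# Constructed messages wrapping the three Subject lines quoted in the post.
SUBJECTS = [
    "=?us-ascii?B?MCBNZW4sIGl0IHJlYWxseSB3b3JrcyEgZnA=?= iwsgfb",
    "=?iso-8859-1?b?SSBhbSBub3cgdG90YWxseSBkZWJ0IGZyZWU=?=",
    "=?windows-1251?B?QmExayBmaTF0ZXJzPyAtIGZvcmdldA==?=",
]
SAMPLES = ["From: sender@example.invalid\nSubject: %s\n\nbody\n" % s
           for s in SUBJECTS]


def raw_subject(message_text):
    """Subject value exactly as transmitted, with no MIME decoding."""
    return str(message_from_string(message_text)["Subject"])


def decoded_subject(message_text):
    """Subject after RFC 2047 encoded-words are decoded to text."""
    out = []
    for data, charset in decode_header(raw_subject(message_text)):
        if isinstance(data, bytes):
            out.append(data.decode(charset or "ascii", errors="replace"))
        else:  # a header without encoded-words comes back as str
            out.append(data)
    return "".join(out)


def check(message_text):
    """Return (hit on raw header, hit on decoded header, decoded text)."""
    decoded = decoded_subject(message_text)
    return (bool(PATTERN.search(raw_subject(message_text))),
            bool(PATTERN.search(decoded)), decoded)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample))
```

Once the encoded-word is decoded, the `=?charset?` marker is gone, so a rule evaluated against decoded header text cannot see it. Current SpamAssassin documentation describes a `:raw` header modifier (for example `Subject:raw`) that matches the header without this decoding.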

