-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I've started to see some spam with subjects like the following:
Satterwh, =?ISO-8859-1?B?bG93ZXN0IHByaWNlIGluc3VyYW5jZSB5ZXQu?=
This is an obvious attempt to hide the subject so that it won't be caught by rules. I tried to write a rule to trap this type of encoding as follows:
header LENCSUBJECT Subject =~ /\=\?.*\?\=/i Describe LENCSUBJECT (Local) Subject encoded score LENCSUBJECT 1.5
If I feed the pattern above into perl and then try to match on the subject line from this email, it matches true.
If I put it into my rules file and test against Spamassassin, it doesn't match. I'm obviously missing something. Can one of you gurus help?
To clarify Mike's answer, SA normally decodes QP, base64 and strips HTML tags before running rules.
adding :raw after "Subject" causes the rule to run before decoding. I verified your rule works with this change.
One other change... the keyword "describe" is not capitalized, fix it. (spamassassin --lint complains).
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
