Hi! I'm new to this list, so please forgive me if my behavior is inappropriate in asking this question or if it has already been asked before.
I run SpamAssassin 2.61 and it catches a lot of spam, but lately, there is spam getting through that has bare dictionary words in the ASCII part of a MIME message and all the usual junk in the multimedia part. When reading these e-mails in Outlook or something like that, the client renders the messages beautifully and displays all the HTML and executes all the arbitrary code that comes with it. If I have frugal message display rules in KMail for instance, I only see the ASCII part, which looks a lot like this; chop horse local mandarin blue caspian chlorine run please quest jargon technical longevity The amount of text is varying, but it appears difficult to train a bayes database to distinguish these as bad words, yet retain them as good words. Practically these spam mails don't auto-train on my users because I have the auto_learn_threshold_spam and auto_learn_threshold_nospam set way out of the required_hits range. That ensures that only AWL mail is treated as good enough to train on as is really bad spam. So for me this is a nuisance more than anything else, but it is getting to be irritating to many of my users. After glancing at the RFCs for MIME (1521 and onwards), it appears that the intention of MIME is to carry two similar copies of a message, one padded with multimedia junk and one in bare text. Suppose some fuzzy comparison between the ASCII portion and the multimedia portion could be done? I don't know how fuzzy or even where to start, so I am asking on this list in case I have missed something obvious. So the question finally, is, how do I protect against this type of spam? -Alex ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
