> -----Original Message-----
> From: Ray Anderson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 26, 2005 10:05 PM
> To: users@spamassassin.apache.org
> Subject: RE: Investor and Stock spam
>
> > Err..
> >
> > body STOCK_SPAM
> >
> /inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l|\|)
> f|wil\||symb(o
> |0)\|/
> >
> > is more efficient.. and still will catch that crap in the
> subject line
> also.
> >
> > D
> >
> >
>
> Please excuse my ignorance....
>
> Would you want to make this a rawbody check so mime-embedded
> mime-encoded mails also get caught?
>
Body policies are applied against the decoded plain text body.. Html is
stripped, base64 decoded. So, a body policies is the proper way to do
this.. And some proof...
[EMAIL PROTECTED] bin]# echo -e "Content-Type:
text/plain;\nContent-Transfer-Encoding
: base64\n\ndGhpcyBpcyBteSBzdDBjayBzcGFtIGJvZHkuLi4K" | spamc
Content-Type: text/plain;
Content-Transfer-Encoding: base64
Subject: [SPAM-6.6]-
X-Spam-Prev-Subject: (nonexistent)
X-Spam-Score: 6.6
X-Spam-Report:
* 0.1 MISSING_HEADERS Missing To: header
* 5.0 STOCK_SPAM BODY: Common Stock Spam
* 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
* [score: 0.5339]
* 0.3 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
* 1.2 MISSING_SUBJECT Missing Subject: header
dGhpcyBpcyBteSBzdDBjayBzcGFtIGJvZHkuLi4K
D
