> The problem is that if I have an email with an attachment, its possible
> the xxx part crops up from an encoded file. If I run the email through
> perl program with the same regex it doesn't pick it out, but SA seems
> to.
[source email] (full) ->
decoding -> [decoded email] (rawbody) ->
html decoding -> [text mail] (body)
Rawbody is the middle of the three steps. You are probably hitting on some
html tag or the like.
If you are looking for words that show up in visible text, or in the subject
in visible text, then use 'body' as your rule base. 'rawbody' is best used
when looking for html tags.
Loren
