On Tue, 2009-09-08 at 13:50 +1200, Jason Haar wrote:
> [...] Allowing spamd to only scan the first 50KB of text attachments
> would do the trick. I can't think of a way that could be misused by
> spammers? (ie they aren't going to send text-spam where the first 50KB
> is "bayes killer" and the final bit is the spam - potential customers
> won't scroll past the first couple of screens to find the spam).
I can.
It is indeed trivial to construct large messages, where the actual
payload is way down the end -- and the user will never see the bulk
above.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
