--On Friday, June 17, 2011 13:52 +0100 RW <rwmailli...@googlemail.com>
wrote:
2.4 HTML_ATTACH BODY: HTML attachment to bypass scanning?
html is encoded as an attached file rather than a normal html mime
section. Some email client will display such attachments.
That, and a SpamAssassin bug/feature, that it scans only MIME part 1.
So content that would score in part 1 goes unanalyzed in part 2. Some
spamware writer seems to be aware of this.
Unfortunately we can't score much for it, because there is some legit
software that does this. Ironically three are "secure email" systems
(I know of three, anyway). A link in part 1 opens the HTML attachment
in a new window, and that links you to the secure web page with the
secure message. But anyway, an HTML attachment is still odd enough to
rate a low score.
Joseph Brennan
Columbia University Information Technology
