On Wed, 11 Dec 2013, David F. Skoll wrote:
> Hi,
>
> Are others seeing instances whereby a spammer puts the real payload in
> an HTML (foo.html), plain-text part (foo.txt), Word doc (foo.doc or
> foo.docx) or an image (foo.png, foo.jpeg, etc) but with a MIME type
> of application/octet-stream ?
>
> Would it make sense to have rules that look for commonly-known filename
> extensions in a MIME part of application/octet-stream and score those?
> I know of no legitimate MUAs that will attach a PNG image as anything
> other than image/png and similarly for the other filename extensions.
>
> (Apologies if there are already rules for this... I haven't checked.)
>
> Regards,
>
> David.

Been there, tried it, too many FPs from Microsoft generated messages that
assume the only thing you need is the correct file extension.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
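
The check proposed in the quoted message, as an added example that is not part of the original thread and not SpamAssassin's own code: it walks the MIME parts of a message and reports those declared as application/octet-stream whose filename carries one of the extensions named above. The function names, the extension table and the sample message are constructed for illustration; because the reply reports false positives from Microsoft-generated mail, the function only reports matches and leaves any scoring to the caller.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions named in the thread, mapped to the MIME type one would expect.
EXPECTED = {
    ".html": "text/html",
    ".txt": "text/plain",
    ".doc": "application/msword",
    ".docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    ".png": "image/png",
    ".jpeg": "image/jpeg",
    ".jpg": "image/jpeg",
}

def octet_stream_mismatches(raw: bytes):
    """Return [(filename, expected_type)] for leaf parts declared as
    application/octet-stream whose filename has a well-known extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() != "application/octet-stream":
            continue
        # get_filename() reads Content-Disposition filename=, then falls
        # back to the name= parameter of Content-Type.
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext in EXPECTED:
            hits.append((name, EXPECTED[ext]))
    return hits

def build_sample() -> bytes:
    """Constructed message: a mislabelled PNG, a correctly labelled PNG,
    and an octet-stream part with no well-known extension."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "rcpt@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    png = b"\x89PNG\r\n\x1a\n" + b"\0" * 8
    m.add_attachment(png, maintype="application", subtype="octet-stream", filename="foo.png")
    m.add_attachment(png, maintype="image", subtype="png", filename="ok.png")
    m.add_attachment(b"\x00\x01", maintype="application", subtype="octet-stream", filename="data.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for name, expected in octet_stream_mismatches(build_sample()):
        print(f"{name}: declared application/octet-stream, expected {expected}")
```

Running it over a sample of known-good mail first shows how often legitimate senders trip the check before any score is attached to it.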