Whenever you see ISO-8859 encoding for a subject, you should just simply assume it is spam, or at least I have never seen a false positive on this.

SUBJECT 15 CONTAINS =?ISO-8859-1?b?

ISO-8859 is Latin-1, which is the standard character set and there is no need to be encoding Latin-1 except to get around content filters.

Declude doesn't decode base64 encoded subjects, so running filters against this stuff is useless, though I believe that SpamChk will do decoding...but again, I don't see why bother until some mail client starts exhibiting this behavior (please speak up if you have seen this).

This is a perfect example of how an obfuscation method can be more indicative than the content itself.

Matt



Mike Leonard wrote:

John Tolmachoff (Lists) wrote:

How can you decode the encoded subject lines so as to see what it is and
then create a filter?

Things like:

=?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=
=?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=
=?ISO-8859-1?B?SGk=?=




I've only been able to see the actual subject in a mail client.
Here are the filter entries I have for the screwy encodings:

SUBJECT 40 CONTAINS =?ISO-8859-1?b?
SUBJECT 40 CONTAINS =?koi8-r
SUBJECT 40 CONTAINS =?windows-1251?B?

Mike
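
An added example, not part of the original thread and not Declude or SpamChk code: decoding the quoted subjects with Python's standard `email.header` module, and flagging encoded-words whose payload is plain printable ASCII and therefore never needed encoding. The function names and the last two sample subjects are constructed for illustration; the ASCII-only test is a narrower variant of the blanket rule discussed above.

```python
from email.header import decode_header, make_header

# First three subjects are quoted in the thread; the last two are constructed.
SAMPLES = [
    "=?ISO-8859-1?b?RUVOVCBjaGVjayBzdG9jayBjaGFydA==?=",
    "=?ISO-8859-1?b?RUVOVCBQcm9kdWN0aW9uIFByb2dyZXNz?=",
    "=?ISO-8859-1?B?SGk=?=",
    "=?ISO-8859-1?Q?Caf=E9_men=FC?=",  # constructed: genuinely needs Latin-1
    "Plain subject",                   # constructed: no encoding at all
]


def decode_subject(raw):
    """Return the readable text of an RFC 2047 encoded Subject value."""
    return str(make_header(decode_header(raw)))


def needlessly_encoded(raw):
    """True if any encoded-word decodes to printable ASCII only.

    Such text could have been sent unencoded, so the encoding itself
    is the signal, independent of what the words say.
    """
    for part, charset in decode_header(raw):
        if charset is None:
            continue  # unencoded run of the header
        # With a charset present, `part` is the decoded payload as bytes.
        if part and all(0x20 <= b < 0x7F for b in part):
            return True
    return False


if __name__ == "__main__":
    for subject in SAMPLES:
        flag = "SUSPECT" if needlessly_encoded(subject) else "ok"
        print(f"{flag:8} {decode_subject(subject)!r}")
```

Once decoded, the text can be matched by ordinary content filters, while the `needlessly_encoded` result can be scored on its own.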




---
This E-mail came from the Declude.JunkMail mailing list.