On Tue, 11 Aug 2009, Justin Mason wrote:
Is it visible in the default MUA rendering when you open the message, or
do you have to click on the attachment to display it? If the former, we
should probably include it in body/rawbody. If the latter, we generally
do not.

Good catch, I didn't notice that initially...
The MIME header for the attachment is probably useful as a spam sign:

------=_NextPart_000_00E6_01C2A9A6.096DB722
Content-Type: application/octet-stream; name="Yahoo Awards Center.txt"
Content-Disposition: attachment; filename="Yahoo Awards Center.txt"
Content-Transfer-Encoding: base64

A .txt file attached as application/octet-stream is certainly valid but
probably quite unusual. I've put a rule for this into my sandbox, we'll
see how it does.
I don't know whether SA should trust the filename extension in this
situation.

On Tue, Aug 11, 2009 at 02:24, John Hardin <[email protected]> wrote:
Folks:
I just got a 419/fillform spam where the bulk of the message was in a
base64-encoded plain text attachment. This effectively bypassed the
many BODY and RAWBODY tests that would have hit on the text had it been
included in the message body.
Should plain text attachments be scanned as regular message parts?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The difference is that Unix has had thirty years of technical
types demanding basic functionality of it. And the Macintosh has
had fifteen years of interface fascist users shaping its progress.
Windows has the hairpin turns of the Microsoft marketing machine
and that's all. -- Red Drag Diva
-----------------------------------------------------------------------
4 days until the 64th anniversary of the end of World War II
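
The check discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code or the sandbox rule mentioned above: it flags MIME parts declared as application/octet-stream whose filename ends in .txt, and decodes them so body-style text checks can see the content. The message, the hidden text, the filename "notice.txt" and the function names are constructed for illustration; the filename extension is treated only as a hint, and undecodable bytes are replaced rather than trusted.

```python
import base64
import email
from email import policy

# Constructed text standing in for the hidden pitch (not taken from the thread).
HIDDEN = "Please fill in the form below and reply with your bank details."

# Constructed message: short visible body plus a base64 .txt attachment that is
# declared as application/octet-stream, like the MIME header quoted above.
SAMPLE = "\r\n".join([
    "From: sender@example.com",
    "Subject: Notification",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain; charset=us-ascii",
    "",
    "See attached.",
    "--b1",
    'Content-Type: application/octet-stream; name="notice.txt"',
    'Content-Disposition: attachment; filename="notice.txt"',
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(HIDDEN.encode("ascii")).decode("ascii"),
    "--b1--",
    "",
])

def is_octet_txt(part):
    """True for a part typed application/octet-stream but named *.txt."""
    name = (part.get_filename() or "").lower()
    return part.get_content_type() == "application/octet-stream" and name.endswith(".txt")

def octet_stream_txt_parts(msg):
    """Filenames of parts matching the header pattern (the 'spam sign')."""
    return [p.get_filename() for p in msg.walk() if is_octet_txt(p)]

def scannable_text(msg):
    """Decoded text of text/plain parts plus the *.txt octet-stream parts."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" or is_octet_txt(part):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

MSG = email.message_from_string(SAMPLE, policy=policy.default)
```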