On Mon, 15 Aug 2011, Michael Parker wrote:
On Aug 15, 2011, at 5:14 PM, [email protected] wrote:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6649
--- Comment #8 from Justin Mason <[email protected]> 2011-08-15 22:14:02 UTC ---
it's a phish containing the following MIME headers:
    Content-Type: ;
        name="UPS_document.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
        filename="UPS_document.zip"
and a phishing attachment which is then being interpreted as text.
That's because it's missing a Content-Type and SpamAssassin is
interpreting that as text/plain. Anyone have any thoughts on how to
prevent that?
Apart from trusting the filename extension? Examining the first few bytes
of the attachment for non-ASCII characters (excluding UTF encoding
markers) is the only thing that springs to mind.
File::Type perhaps? Or is that overkill?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Usually Microsoft doesn't develop products, we buy products.
-- Arno Edelmann, Microsoft product manager
-----------------------------------------------------------------------
Today: the 66th anniversary of the end of World War II
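
The two ideas raised in this thread (matching the leading bytes of the attachment against known signatures, and checking them for non-ASCII bytes while ignoring UTF markers), as an added Python example that is not part of the original messages and is not SpamAssassin's code. The sample part is constructed from the headers quoted above; `sniff`, `effective_type` and the signature table are names assumed for this example.

```python
import base64
from email import message_from_string

# Constructed sample: headers as quoted in the bug comment, with a constructed
# 10-byte ZIP local-file-header prefix as the base64 body (not a real archive).
SAMPLE = (
    "Content-Type: ;\n"
    ' name="UPS_document.zip"\n'
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment;\n"
    ' filename="UPS_document.zip"\n'
    "\n"
    + base64.b64encode(b"PK\x03\x04\x14\x00\x00\x00\x08\x00").decode("ascii")
    + "\n"
)

# Small illustrative signature table (hypothetical; a real one would be larger).
MAGIC = [
    (b"PK\x03\x04", "application/zip"),
    (b"\x1f\x8b", "application/gzip"),
    (b"%PDF-", "application/pdf"),
]
UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def sniff(data, window=64):
    """Guess a type from leading bytes; None means 'looks like text'."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    if data.startswith(UTF16_BOMS):
        return None                      # UTF-16 marker: treat as text
    head = data[:window]
    if head.startswith(b"\xef\xbb\xbf"):
        head = head[3:]                  # skip the UTF-8 marker
    # Caveat: 8-bit text without a marker is also reported as binary.
    if any(b not in TEXT_BYTES for b in head):
        return "application/octet-stream"
    return None

def effective_type(part):
    """Declared type if the header carries one, else a sniffed type."""
    declared = part.get_content_type()   # text/plain when header is empty
    media = (part.get("Content-Type") or "").split(";", 1)[0].strip()
    if media.count("/") == 1:
        return declared
    payload = part.get_payload(decode=True) or b""
    return sniff(payload) or declared
```

Python's own `email` parser applies the same text/plain fallback to this header, so `get_content_type()` alone reproduces the misclassification, while `effective_type()` returns `application/zip` for the sample.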