https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6439
--- Comment #7 from Kent Oyer <kent.o...@gmail.com> --- Thanks for the quick response. I do have a real-world mail flow where I'm seeing this being exploited dozens of times per day. As far as a spec goes, I would recommend processing any application/octet-stream parts as text if the filename extension is html, htm, or shtml (case-insensitive). It might be wise to include other extensions such as xhtml but I'm not seeing that being exploited. Since there's no point in producing a patch for version 3, I'll try to solve my problem with ClamAV. Unfortunately there are legitimate senders that also use application/octet-stream to send HTML attachments so the only way to detect malicious intent is to examine the attachment contents. I can provide sanitized examples if that helps. Thanks Kent -- You are receiving this mail because: You are the assignee for the bug.
