> 1) MICROSOFT_EXECUTABLE replacement -- grab all /^text/, /^message/,
> and /^attachment/ parts, search for the base64 + uuencoded bits.

Okay, then.  How about a generic rule to handle position-specific
decoded searches?  This isn't quite rich enough, but once we provide a
way (an option, I think) for binary attachments to be decoded, the rest
is easy.

body BINARY_EXE         eval:mime_part('part regexp','offset','body regexp')

...

body BINARY_EXE         eval:mime_part('','0','TV[pq]QAA[MI]AAAAEAA[8A]A')

except using a binary regexp instead of the stupid base64 version

-- 
Daniel Quinlan                     anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/    and open source consulting
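
Added example (not part of the original message and not SpamAssassin code): a Python sketch of what the proposed eval would do, decoding each selected MIME part and applying a byte regexp at a fixed offset. The function `mime_part` only mirrors the proposed signature; `BIN_RE`, `build_raw` and the sample message are constructed for illustration, with `BIN_RE` being the byte-level equivalent of the base64 pattern quoted above.

```python
import base64
import re
from email import message_from_string

# Base64 pattern from the message, and the same header bytes after decoding
# (BIN_RE is derived here by decoding the pattern; it is not from the page).
B64_RE = re.compile(r'TV[pq]QAA[MI]AAAAEAA[8A]A')
BIN_RE = re.compile(rb'MZ[\x50\x90]\x00[\x02\x03]\x00\x00\x00\x04\x00[\x0f\x00]\x00')

def mime_part(raw, part_re, offset, body_re):
    """Hypothetical analogue of the proposed eval: for each leaf part whose
    content type matches part_re (empty string = any part), undo the
    transfer encoding and require body_re to match at byte `offset`."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part_re and not re.search(part_re, ctype):
            continue
        data = part.get_payload(decode=True) or b''
        if body_re.match(data, offset):   # anchored at offset, not a search
            hits.append(ctype)
    return hits

def build_raw(exe_bytes, wrap):
    """Constructed two-part message; `wrap` is the base64 line length."""
    b64 = base64.b64encode(exe_bytes).decode('ascii')
    lines = '\n'.join(b64[i:i + wrap] for i in range(0, len(b64), wrap))
    return ('MIME-Version: 1.0\n'
            'Content-Type: multipart/mixed; boundary="b"\n\n'
            '--b\nContent-Type: text/plain\n\nsee the attached MZ file\n'
            '--b\nContent-Type: application/octet-stream\n'
            'Content-Transfer-Encoding: base64\n\n' + lines + '\n--b--\n')

# Constructed sample: an MZ executable header followed by zero padding.
SAMPLE = b'MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00' + b'\x00' * 48

if __name__ == '__main__':
    for wrap in (76, 8):
        raw = build_raw(SAMPLE, wrap)
        print('wrap', wrap,
              'base64 rule:', bool(B64_RE.search(raw)),
              'decoded rule:', mime_part(raw, '', 0, BIN_RE))
```

The base64 pattern matches only when the first 16 encoded characters sit on one line, while the decoded match at offset 0 is independent of line wrapping.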
