On Wed, 1 Sep 2004 Kelson Vibber wrote:
> It had to happen, I suppose. This morning I received a 996 KB message
> advertising, as near as I can tell, some Taiwanese take-out restaurant.
> And by Taiwanese, I don't mean style of cooking, but *location*.
> (Yeah, next time I go to lunch I'm definitely going to hop on a plane, fly
> halfway around the world, and eat at this place that spammed me in a
> language I can't read.)
>
> The message consisted of a small HTML component and a gigantic JPEG image.
> Had it been smaller, it would have easily scored 15 points even before Bayes
> training (as spamsassassin -t demonstrated), but we don't run anything
> through SA larger than 256 KB (as is usually recommended).
[snip..]
> So I'm wondering - any ideas on dealing with giant-attachment spam?
If you -know- that the non-binary part is small/moderate, throw it at
SA anyway. SA is programmed to skip over binary parts and not even try to
scan their contents, so no loss of speed.
Alternatvly front-end SA with a MIME filter such as MIMEDefang to
strip out the binary parts and feed the rest to SA if small enought.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
