On Fri, Sep 10, 2004 at 03:48:17AM -0700, Loren Wilton wrote: > > First, the body-mime headers aren't typically visible to the user via MUA, > > so they're not included in the data that the standard rules run against. > > and yet they are considered one of the more important spam indicators. Lack > of normal visibility in an MUA is a poor justification for excluding > information in the mail from a spam classifier.
Nothing is excluded from "[the] spam classifier". It is, however, excluded from body rules which are explicitly meant to be a rendered version of the message, relatively close to what the user will see in an MUA (visible vs invisible HTML, HTML "rendering" (mostly tag removal but we process the tags internally to pull out information), b64/qp decoding, etc). > You are assuming here that the only use for examining mime headers are to > classify virui and worms. While that is the origin of this thread, I find Since the subject of this thread is "Catching Windows executables as attachments", yes, that's what I was talking about. :) > Well, its trivial if your name is Theo or Justin or Daniel and you work with > SA code 10 hours a day every day. In that case you probably know more Perl [...] > it, it is hardly a trivial undertaking to spend months learning a language > of surpassing crypticality, and then learn the undocumented (or otherwise) > innards of a major program, simply to be able to write a few simple rules. You don't need to get all upity about it. I'm simply stating that body mime headers have no place in the standard body rules (body, rawbody, and uri). They're meant to check one thing, you want to check something different. IMO, it would be pretty easy to get a new rule type as a plugin (if you don't know the perl to do it, I'm sure if you asked politely someone else could code it up). Then you can easily write rules to look for whatever you want to look for. If looking at that information became commonplace, the rule type/code would likely get merged into SA-proper. -- Randomly Generated Tagline: "The very powerful and the very stupid have one thing in common. Instead of altering their views to fit the facts, they alter the facts to fit their views ... which can be very uncomfortable if you happen to be one of the facts that needs altering." - Doctor Who, "Face of Evil"
pgpP690IKsehc.pgp
Description: PGP signature
