On Wed, 6 Dec 2017 06:29:01 -0500 Kevin A. McGrail wrote: > I've added these rules to KAM.cf and would appreciate feedback. > > #MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the > idea #NUL > header __KAM_MAILSPLOIT1 From =~ /[\0]/ > describe __KAM_MAILSPLOIT1 RFC2047 Exploit
Note that this may be a bit dangerous without "normalize_charset 1" which causes text to be transcoded to UTF-8. In UTF-16 in particular all ASCII characters encode with a zero byte. Even with normalization there may be some headers that don't transcode properly. I've never seen a from header encoded in UTF-16, but then I don't get much mail in Asian languages.
