| Main Archive Page > Month Archives > spamassassin-users archives |
Re: [sa] Re: Finding URLs in html attachments
From: John Hardin <jhardin_at_nospam>Date: Mon Mar 01 2010 - 23:24:31 GMT
To: users@spamassassin.apache.org
On Mon, 1 Mar 2010, Charles Gregory wrote:
> On Mon, 1 Mar 2010, David B Funk wrote:
>> > Looks like he may have to use a 'full' test to look for the references
>> > to
>> > paypal....
>> Been there, done that, doesn't work.
>> AFAIK SA ignores 'octet/binary' attachments for the rule engine. None of
>> the rules that I tried (uri, body, full, rawbody) "saw" anything that was
>> known to be in one of those attachments.
>
> You may have to examine the 'raw' message and look for 'encoding' that
> disguises the URI's in the attachment. Ths whole thing might be encoded
> as base64 or something... A real mess to work with. You might have more
> success making a rule that looks for mime headers that are type 'octet'
> but named 'html'.
I already have some rules for that in my sandbox, but IIRC they aren't
scoring too well on ruleqa.
> You won't be able to score that too high on its own,
> but it might combine well in a meta rule with certain buzz phrases from
> the text portions of the e-mail.
...or look into the TextExtract plugin as Benny suggested.
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Where We Want You To Go Today 07/05/07: Microsoft patents in-OS adware architecture incorporating spyware, profiling, competitor suppression and delivery confirmation (U.S. Patent #20070157227) ----------------------------------------------------------------------- 13 days until Albert Einstein's 131st Birthday