You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@issues.apache.org on 2010/05/29 00:30:15 UTC
[Bug 6439] New: Extend the meaning of "textual parts" like MUAs
handle it
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6439
Summary: Extend the meaning of "textual parts" like MUAs handle
it
Product: Spamassassin
Version: 3.2.5
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
AssignedTo: dev@spamassassin.apache.org
ReportedBy: guenther@rudersport.de
"[...] is the textual parts of the message body; any non-text MIME
parts are stripped [...]" -- M::SA::Conf
The MUA happily will show the attached text based on the file name extension,
but the bloody Content-Type prevents SA from treating it as a textual part of
the message.
Content-Type: application/octet-stream; name="foo.txt"
SA should treat the attached text just like any other textual part with a
correct MIME Content-Type set, render it, use it for rules and Bayes, just like
an MUA.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6439] Extend the meaning of "textual parts" like MUAs handle it
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6439
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> 2011-10-29 04:52:16 UTC ---
Can you add an example email in mbox format so I can test this in various MUAs?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6439] Extend the meaning of "textual parts" like MUAs handle it
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6439
--- Comment #3 from Karsten Bräckelmann <gu...@rudersport.de> 2011-10-29 23:41:38 UTC ---
(In reply to comment #1)
> Can you add an example email in mbox format so I can test this in various MUAs?
Sure, see attachment 5001.
Testcase of two trivial multipart/mixed MIME messages, with a text/plain and
application/octet-stream attachment respectively. Other than the second MIME
part's Content-Type (and Subject), both messages are identical.
This masquerading technique is used by 419 scammers, to get the actual text
past a content scanner. Body rules, as well as Bayes should be affected. The
topic has been discussed on the users list a few times.
It appears MUAs in wide-spread use (and most likely web-mail interfaces, too)
will happily show the content of the attachment based on the file extension or
content sniffing, even with binary-indicating Content-Type.
Trivial testcase ad-hoc body rule:
spamassassin --cf="body BUG_6439 /^Plain .*/" -D < MSG
2>&1 | grep BUG_6439
Only the text/plain variant will hit the body rule, and the debug output of
that greedy regex match will print the actual payload line in full. The
application/octet-stream variant will not hit that rule.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6439] Extend the meaning of "textual parts" like MUAs handle it
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6439
Rob Janssen <pe...@amsat.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pe1chl@amsat.org
--- Comment #4 from Rob Janssen <pe...@amsat.org> ---
Maybe new case (don't know if this is covered by what is written above):
Mime part like this:
Content-Type: application/octet-stream; name="Vordering.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Vordering.html"
Message also has a textual part that says "please read the attachment" or
similar.
The spam is in the html part that shows as an attachment in a mail program and
when opened shows in a browser.
But the content of this base64 encoded part cannot be examined with rawbody or
body patterns.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6439] Extend the meaning of "textual parts" like MUAs handle it
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6439
--- Comment #2 from Karsten Bräckelmann <gu...@rudersport.de> 2011-10-29 23:38:44 UTC ---
Created attachment 5001
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5001
testcase
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.