You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Haar <Ja...@trimble.co.nz> on 2008/04/24 05:58:55 UTC
MIME_BASE64_TEXT FPs growing
Hi there
I'm getting more and more valid email from Windows environments that
have been totally encoded in BASE64. Mixtures of Unicode and
forwarding/replying seems to trigger things like Exchange to just
re-encode the whole thing as Base64.
Looking through our logs I can see a fair amount of mail getting scores
between 5-10 that contain that rule - that look like they aren't spam.
I can just reduce that score down to 0.5 to fix the problem for us -
but do others think the current score of 2.7 is too high?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: MIME_BASE64_TEXT FPs growing
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> At 08:53 24-04-2008, Theo Van Dinter wrote:
> >Looking at yesterday's mass-check results:
> >
> > 0.445 0.4598 0.1144 0.801 0.75 2.70 MIME_BASE64_TEXT
> >
> >It's not useful as a spam rule, not sure why it has such a high score. I'd
> >probably just make it an info rule if anything uses it, or otherwise
> >remove it.
On 24.04.08 09:09, SM wrote:
> It was useful as a spam rule before. It no longer is because of myspace.
blame myspace, not SA
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
Re: MIME_BASE64_TEXT FPs growing
Posted by SM <sm...@resistor.net>.
At 08:53 24-04-2008, Theo Van Dinter wrote:
>Looking at yesterday's mass-check results:
>
> 0.445 0.4598 0.1144 0.801 0.75 2.70 MIME_BASE64_TEXT
>
>It's not useful as a spam rule, not sure why it has such a high score. I'd
>probably just make it an info rule if anything uses it, or otherwise
>remove it.
It was useful as a spam rule before. It no longer is because of myspace.
Regards,
-sm
Re: MIME_BASE64_TEXT FPs growing
Posted by Theo Van Dinter <fe...@apache.org>.
Looking at yesterday's mass-check results:
0.445 0.4598 0.1144 0.801 0.75 2.70 MIME_BASE64_TEXT
It's not useful as a spam rule, not sure why it has such a high score. I'd
probably just make it an info rule if anything uses it, or otherwise remove it.
On Thu, Apr 24, 2008 at 03:58:55PM +1200, Jason Haar wrote:
> Hi there
>
> I'm getting more and more valid email from Windows environments that
> have been totally encoded in BASE64. Mixtures of Unicode and
> forwarding/replying seems to trigger things like Exchange to just
> re-encode the whole thing as Base64.
>
> Looking through our logs I can see a fair amount of mail getting scores
> between 5-10 that contain that rule - that look like they aren't spam.
>
> I can just reduce that score down to 0.5 to fix the problem for us -
> but do others think the current score of 2.7 is too high?
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
Randomly Selected Tagline:
"How to heat turkey: Put turkey in oven @ 350 degrees until hot."
- Supermarket turkey cooking instructions