f



[procmail] =?ISO-8859-1?B? 'encoded' Subject:

I had a piece of spam slither through and escape detection by my
procmail recipes:

   Subject: Re: Order Xanax Directly from Here

hmmmm......  Using VERBOSE, I saw "no match" on my Subject: test.
Looking at the raw email, I see this for the Subject:

   Subject: Re: =?ISO-8859-1?B?T3JkZXIgWGFuYXggRGlyZWN0bHkgZnJvbSBIZXJl?=

What's a Spam Fighter to do?

Jonesy
-- 
  | Marvin L Jones       | jonz         |  W3DHJ   |  linux
  |  Gunnison, Colorado  |  @           |  Jonesy  |    OS/2   __
  |   7,703' -- 2,345m   |   config.com |  DM68mn              SK
0
Allodoxaphobia
9/2/2004 1:38:21 AM
comp.mail.misc 4531 articles. 0 followers. Post Follow

3 Replies
2834 Views

Similar Articles

[PageSpeed] 44

Allodoxaphobia <bit-bucket@config.com> writes:

> I had a piece of spam slither through and escape detection by my
> procmail recipes:
| 
>    Subject: Re: Order Xanax Directly from Here
| 
> hmmmm......  Using VERBOSE, I saw "no match" on my Subject: test.
> Looking at the raw email, I see this for the Subject:
| 
>    Subject: Re: =?ISO-8859-1?B?T3JkZXIgWGFuYXggRGlyZWN0bHkgZnJvbSBIZXJl?=
| 
> What's a Spam Fighter to do?

Nothing. Look at the body instead. Or filter everything
having subject "=?ISO-8859-1?B?"

If you feel feel bored, or wish for something better, the story of my
procmail migration to better bayesian tools is at
http://pm-lib.sourceforge.net/README.html

Jari
0
jari
9/2/2004 7:19:37 PM
On Thu, 2 Sep 2004, Allodoxaphobia wrote:

A> I had a piece of spam slither through and escape detection by my
A> procmail recipes:
A>
A>    Subject: Re: Order Xanax Directly from Here
A>
A> hmmmm......  Using VERBOSE, I saw "no match" on my Subject: test.
A> Looking at the raw email, I see this for the Subject:
A>
A>    Subject: Re: =?ISO-8859-1?B?T3JkZXIgWGFuYXggRGlyZWN0bHkgZnJvbSBIZXJl?=
A>
A> What's a Spam Fighter to do?
A>



# B Mime header extension in subject?
:0
* ^Subject:.*=\?.*\?b\?\/.+\?=
{
  MIMESUBJECT=`echo $MATCH | mimencode -u -b`
  # The decoded text is in the variable.
  # At this point, my recipe does some scoring stuff on higher ascii.
  # The following simple example not tested:
  :0
  * MIMESUBJECT ?? xanax
  /dev/null
}



-- 
Alan


( If replying by mail, please note that all "sardines" are canned.
  There is also a password autoresponder but, unless this a very
  old message, a "tuna" will swim right through. )

0
Alan
9/2/2004 8:13:54 PM
On Thu, 2 Sep 2004 21:13:54 +0100, Alan Clifford hath writ:
> On Thu, 2 Sep 2004, Allodoxaphobia wrote:
>
> A> I had a piece of spam slither through and escape detection by my
> A> procmail recipes:
> A>
> A>    Subject: Re: Order Xanax Directly from Here
> A>
> A> hmmmm......  Using VERBOSE, I saw "no match" on my Subject: test.
> A> Looking at the raw email, I see this for the Subject:
> A>
> A>    Subject: Re: =?ISO-8859-1?B?T3JkZXIgWGFuYXggRGlyZWN0bHkgZnJvbSBIZXJl?=
> A>
> A> What's a Spam Fighter to do?
>
> # B Mime header extension in subject?
>:0
> * ^Subject:.*=\?.*\?b\?\/.+\?=
> {
>   MIMESUBJECT=`echo $MATCH | mimencode -u -b`
>   # The decoded text is in the variable.
>   # At this point, my recipe does some scoring stuff on higher ascii.
>   # The following simple example not tested:
>  :0
>   * MIMESUBJECT ?? xanax
>   /dev/null
> }

Alan,

Thanks!
As with most things like this, it took a little work.
My ISP runs FreeBSD, so I had to employ `uudecode`, versus `mimencode`.
Thus, I had to loop off the trailing "?=" in the base64 raw text to
make `uudecode` happy:

 :0
  # Look for viz: "=?ISO-8859-1?B?"  in Subject:
  * ^Subject:.*=\?.*\?b\?\/.+\?=
  {
    # It was ala: Subject: Re: =?ISO-8859-1?B?T3JkZ....kgZnJvbSBIZXJl?= ,
    #  which decodes to: Subject: Re: Order Xanax Directly from Here
    # Pass the raw base64 string thru uudecode -rm ,
    #  first stripping the trailing "?=".
    MIMESUBJECT=`echo $MATCH | sed s/?=// | uudecode -rm`
    # The decoded mime'd text is in the var: MIMESUBJECT
    :0:
     * MIMESUBJECT ?? (Valium|xanax|PHARMACY|viagra)
     Spam_mime_Subj
  }

..... using Spam_mime_Subj folder for now to monitor "things".

Thanks for giving me a Very Big Start in the right direction!
Jonesy
-- 
  | Marvin L Jones       | jonz         |  W3DHJ   |  linux
  |  Gunnison, Colorado  |  @           |  Jonesy  |    OS/2   __
  |   7,703' -- 2,345m   |   config.com |  DM68mn              SK
0
Allodoxaphobia
9/3/2004 2:35:38 AM
Reply:

Similar Artilces:

MS's Windows 8 new look baffles =?ISO-8859-1?B?iw==?= almost alienates =?ISO-8859-1?B?iw==?= prospective consumers
<http://goo.gl/uenVD> ----- The release of Microsoft's Windows 8 operating system is a week away, and consumers are in for a shock. Windows, used in one form or another for a generation, is getting a completely different look that will force users to learn new ways to get things done. Microsoft is making a radical break with the past to stay relevant in a world where smartphones and tablets have eroded the three-decade dominance of the personal computer. Windows 8 is supposed to tie together Microsoft's PC, tablet and phone software with one look. But judging by the reactions of some people who have tried the PC version, it's a move that risks confusing and alienating customers. ----- Could be a good opportunity for desktop Linux and Apple. -- "But I have never, ever even run a Linux server and I don't even want to; it's not what I'm interested in. I'm more of a desktop guy." -- Linus Torvalds On Sat, 20 Oct 2012 19:42:09 -0700, Snit wrote: > <http://goo.gl/uenVD> > ----- > The release of Microsoft's Windows 8 operating system is a week > away, and consumers are in for a shock. Windows, used in one form or > another for a generation, is getting a completely different look > that will force users to learn new ways to get things done. > > Microsoft is making a radical break wit...

FYI: [a,b].join('') !== '' + a + b; // for some 'a' and 'b'
Hi I was expecting [a, b, c].join(''); to be equal to '' + a + b + c; but they are not. I read Flanagan's Rhino book, and it told me that Array.join() returns "The string that results from converting each element of |array| to a string and then concatenating them together, with the |separator| string between the elements." But according to http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf === 15.4.4.5 Array.prototype.join (separator) The elements of the array are converted to strings, and these strings are then concatenated...

if ('A:B:C' =~ /:(.*?)$/) then why the heck is $1 'B:C' and not just 'C'
To repeat the title, in case it is munged by Google Groups: if ('A:B:C' =~ /:(.*?)$/) then why the heck is $1 'B:C' and not just 'C' I've been developing with perl for years; but even simple things in it still sometimes throw up surprises. The regexp /:(.*?)$/ is anchored on the right by $, then comes a non- greedy match which, AIUI, is the "shortest string it can get away with", preceded by a colon. So I would expect this to pick up just the "C", as it does with /([^:]*)$/. Am I assuming/doing something silly? It is frid...

How to set variables 'lang' and 'pma_lang' to iso-8859-1 ?
Hello to you all I'm a newbie in PHP. I've a trouble with the codage. When I launch phpinfo() (PHP 4.3.9) through phpmyadmin (2.6.0.rc1 on a RedHat Avanced Server 4 update 1), I get in the 'PHP Variables' section : ........... _REQUEST["lang"] = fr-utf-8 ........... _REQUEST["pma_lang"] = fr-utf-8 .......... _GET["pma_lang"] = fr-utf-8 .......... _COOKIE["pma_lang"] = fr-utf-8 I want to replace fr-utf-8 by fr-iso-8859-1. But I don't know where ? I've check the config.inc.php in phpmyadmin directory. I've set the $cfg['...

['a', 'b'][True] results 'b' But how?
Hi, Can any one please tell me how is the following code is working? ['a','b'] is a list of string, and [True] is list of boolean value. How is it making effect....? <code Python24> >>> ['a','b] [True] 'b' >>> ['a','b'] [False] 'a' >>> ['a','b']['some_string' == r'some_string'] 'b' >>> ['a','b']['some_string' == r'somestring'] 'a' <code> Thanks in advance, regards, kath. In this case, [True] and [False...

German game 'Oil' or =?ISO-8859-1?B?J9ZsJw==?=
Hello all, While moving stuff from one computer to another it seems that I have lost a disk image with an old German game on it :-( This game was played heavily in my old school, so it bears a lot of memories to me. The name of the game (if I remeber right) was 'OIL' or '�L'. It is quite some time ago, but I think there was a subtitle like 'Das Spiel ums gro�e Geld'. It was a filebased game, programmed in AppleSoft Basic. In this game you had to manage your oil company. Does anybody here remember that game and even maybe have this one on an image? I would really LOV...

{ '0':'c->c->a' ,'1':'a->b->a' .........}
Hi, have anybody a hint , how i get a dict from non unique id's and their different related values. Thanks for advance Chris ###random data # a=range(10)*3 def seqelem(): i=random.randint(0,2) elem=['a','b','c'][i] return elem s=[seqelem() for t in range(30)] print zip(a,s) ## favored result: { '0':'c->c->a' ,'1':'a->b->a' .........} Hi Chris, I may have time to look at the rest of your code later. For now I just want to comment on one line: On Nov 7, 12:24=A0pm, chris <o...

Why '1+' instead of '+1'?
I want to introduce an extremely important and hot topic... :D Seriously, it's something I came across some time ago. Why do we have a '1+' macro (I believe it is a macro, isn't it?) instead of '+1'? I often find myself doing some kind of 'switching paradigms' between infix and prefix notation in my head each time I read it in others code; in fact, I often 'mistype' it in my own, having to change it. Besides, think about it as a function. A function is 'something' you give 'something' and makes 'something' with (great definition...

converting strings to most their efficient types '1' --> 1, 'A' ---> 'A', '1.2'---> 1.2
Hello, I'm importing large text files of data using csv. I would like to add some more auto sensing abilities. I'm considing sampling the data file and doing some fuzzy logic scoring on the attributes (colls in a data base/ csv file, eg. height weight income etc.) to determine the most efficient 'type' to convert the attribute coll into for further processing and efficient storage... Example row from sampled file data: [ ['8','2.33', 'A', 'BB', 'hello there' '100,000,000,000'], [next row...] ....] Aside from a missing attribu...

'11' + '1' is '111'?
'11' + '1' == '111' is well known. but it suprises me '11'+'1' IS '111'. Why? Obviously they are two differnt object. Is this special feature of imutable object? On Thu, Oct 29, 2009 at 5:43 PM, metal <metal29a@gmail.com> wrote: > '11' + '1' == '111' is well known. > > but it suprises me '11'+'1' IS '111'. > > Why? Obviously they are two differnt object. > > Is this special feature of imutable object? It's an implementation detail used to optimize performance. CPy...

'^=' and '~='?
Hello, What is the difference between '^=' and '~='? Thanks, Duckhye ...

'is not' or '!='
A newbie question to you; what is the difference between statements like: if x is not None: and if x != None: Without any context, which one should be preferred? IMHO, the latter is more readable. On 2014-08-18 21:35, ElChino wrote: > A newbie question to you; what is the difference between statements > like: > if x is not None: > and > if x != None: > > Without any context, which one should be preferred? > IMHO, the latter is more readable. > "x == y" tells you whether x and y refer to objects that are equal. "x is y" tells you whether x and y actually refer to the same object. In the case of singletons like None (there's only one None object), it's better to use "is". "ElChino" <elchino@cnn.cn>: > A newbie question to you; what is the difference between statements > like: > if x is not None: > and > if x != None: Do the following: take two $10 bills. Hold one bill in the left hand, hold the other bill in the right hand. Now, the bill in the left hand "is not" the bill in the right hand. However, the bill in the left hand "==" the bill in the right hand. > Without any context, which one should be preferred? > IMHO, the latter is more readable. In almost all cases, both tests would result in the same behavior. However, the "is not" test is conceptually the correct one since you want...

what does '1' in 'Case.. when' do
What does 1 or 0 in the following statement does case when condition = met then 1 else 0 Rohit Dhawan wrote: > What does 1 or 0 in > the following statement does > > case when condition = met then 1 else 0 Stop cross posting or multi posting. Your answer at the other location. ...

what does '1' in 'Case.. when' do
What does 1 or 0 in the following statement does case when condition = met then 1 else 0 Rohit Dhawan wrote: > What does 1 or 0 in > the following statement does > > case when condition = met then 1 else 0 Answered in the Chapter 4 of the SQL Reference manual for Oracle9i Release 2 found at http://docs.oracle.com PLEASE do not cross/multi-post ...

(a==b) ? 'Yes' : 'No'
Hi, how can I write the popular C/JAVA syntax in Python? Java example: return (a==b) ? 'Yes' : 'No' My first idea is: return ('No','Yes')[bool(a==b)] Is there a more elegant/common python expression for this? On Mar 30, 11:40=A0am, gentlestone <tibor.b...@hotmail.com> wrote: > Hi, how can I write the popular C/JAVA syntax in Python? > > Java example: > =A0 =A0 return (a=3D=3Db) ? 'Yes' : 'No' > > My first idea is: > =A0 =A0 return ('No','Yes')[bool(a=3D=3Db)] > > Is there a more elegan...

what does '1' in 'Case.. when' do
What does 1 or 0 in the following statement does case when condition = met then 1 else 0 ...

converting 1944 to '1','9','4','4'
converting 1944 to '1','9','4','4' how can I convert a number such as 1944 to a character array? thanks! x wrote: > converting 1944 to '1','9','4','4' > > how can I convert a number such as 1944 to a character array? Corvert it to string, then convert string into character array, if string is not good enough for you. See faq: [38.1] How do I convert a value (a number, for example) to a std::string? http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-38.1 On 13 Apr 2004 08:08:24 -0700, aotemp@hotma...

Mail.app filters-automatically send 'Sender' and 'Subject'
Hi, When I receive mails from a specific address group, I want Mail to automatically send the 'Sender's name (or email id), the 'Subject' of the new mail and a preview of the mail text to another email address (to <mynumber>@vtext.com, which would send an alert to my verizon phone). Basically, I want to be alerted about important emails when I am not home. How do I setup a Mail filter to do this? Is it possible to write a script to do this? If so, how? (I've never written a script). I tried to automatically redirect these mails to my phone, but my phone shows my emai...

I've got my =?iso-8859-1?Q?=F8?= and =?iso-8859-1?Q?=F6?= back.
This might show I only have � a brain, I guess, but it turns out that individuals such as Lin�nut and Peter K�hlmann were losing their characters on my SLRN reader/poster because I was using gnome-terminal; they showed up as blanks. In xterm they work fine. I'm not sure why that is but may have to investigate this more fully. Copy and paste works too. It might be a font problem but I can't be sure yet. The following also works for those of us (like me) who want to see all these characters: $ perl -e 'for($i=160;$i<256;$i++) { printf "%c",$i; }' Now...how doe...

How to convert '1' into '-1' and vice versa?
Is there a function to convert '1' into '-1' and vice versa? - wrote: > Is there a function to convert '1' into '-1' and vice versa? public int negate(int n) { return -n; } or just; n = -n; -- Knute Johnson email s/nospam/knute/ - wrote: > Is there a function to convert '1' into '-1' and vice versa? public class Negate { private Object lock = new Object(); public static int negate(int n) { int tmp = 0; synchronized(lock) { tmp = n - (2 * n); int loop = 0; if(n > 0) { loop = (new Random()).nextInt(...

What is the difference between 'rb' and 'r', 'b' for fread
Does anybody know if there is any difference between 'rb' and 'r', 'b' for fread? For example, 1. [fid, message] = fopen(fileName, 'r', 'b'); 2. [fid, message] = fopen(fileName, 'rb'); 3. [fid, message] = fopen(fileName, 'rb', 'b'); Thanks. Sean wrote: > Does anybody know if there is any difference between 'rb' and 'r', 'b' > for fread? Yes. > For example, > > 1. [fid, message] = fopen(fileName, 'r', 'b'); > > 2. [fid, message] = fopen(fileName, 'rb'); ...

[Troll] Vole's =?ISO-8859-1?Q?Tiles8=AE_Launch_day=2C_Free?= =?ISO-8859-1?Q?_comedy_for_all_=3A-=29?=
I'm early today, woke up at 3:00 am, usually 6:00 am (my "biological alarm"). I bought myself a huge bucket of popcorn, during the recent "Lidl XXL weeks" (the supermarket I live on top off) and saved it for today. Today will be Vole's Tiles8� Launch day and I expect public humiliation, with crashes on a huge screen, during the official "presentation". I hope (yet seriously doubt) that Vole will also demonstrate the "user friendly" Windows 8 "Modern UI" (or whatever they call it this week) in combination with a mouse ...

'''''''''''''The Running Update/Append Queries Using VBA code Ordeal''''''''''''''
Hello fellow programmers, I am trying to run an append/update query from code, a command button on a form initiates the queries. the format i am using is; _____________________________________________________ SELECT "criteria" FROM "criteria" WHERE "criteria" UPDATE/APPEND "field selections" RecordSource "qryExample" = above text strings" _______________________________________________________________________ When i am running a SELECT query in this manner it works fine with no problems, and accepts the values of specified linked for...

I can't get =?ISO-8859-1?Q?=22=E8=22_character_on_my_fre?= =?ISO-8859-1?Q?nch_keyboard=2E=2E=2E_?=
1) "�" (on the key "2") and "�" (on the key "0") are functional on my french keyboard but when I type "�", language reference open !? [Alt] + 0232 on the numeric pad (corresponding to "�" in Windows) has the same effect than "�" in the editor!? 2) What's the encoding of the editor ? It should be a good thing to be able to select editor encoding in preferences (like in Python, for example) 3) As a musician, whatever the language I use, MIDI In/Out is never natively implemented (except perhaps in GFA for ...

Web resources about - [procmail] =?ISO-8859-1?B? 'encoded' Subject: - comp.mail.misc

Resources last updated: 2/25/2016 1:27:37 PM