I receive a lot of spam email with base64 encoded stuff in it. KMail shows that like this: ------=_NextPart_000_00B8_50D07E0A.D6248A04 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 PGZvbnQgY29sb3IgPSAiZmZmZmZmIj4NCm5sZHINCnJtZHlxZg0KSXdtcA0K [etc..] How can I make this visible in KMail? I mean, how can I let KMail decode that stuff. --Kees
On Wednesday 15 January 2003 4:25 pm, Kees Bergwerf wrote:
I receive a lot of spam email with base64 encoded stuff in it. [...] How can I make this visible in KMail?
Let me get this straight: you WANT to see the spam? [just kidding -- I suppose could be legit stuff depending on who sends you stuff and how they (brokenly) send it, but I'll bet the majority of it is indeed "spam" and not worth the effort in decoding it] That said, you CAN get "spamassassin" and install it/enable it -- as part of the process of deciding if a message is spam, it will un-decipher base 64 stuff and scan it [as well as bump the "probabiltiy of spam index" because properly encoded base-64 stuff should come through as an explicit attachment and can be properly decoded] When SA does this, it can be set up to re-write the headers, for one sample case on my machine: === sample message === From Cole@yahoo.com Sun Jan 5 10:46:34 2003 [unrelated headers snipped] [this is what SpamAssassin adds:] X-Spam-Status: Yes, hits=22.7 required=5.0 tests=PENIS_ENLARGE2,ALL_NATURAL,GUARANTEE,CLICK_BELOW, LINES_OF_YELLING,UPPERCASE_50_75,LINES_OF_YELLING_3, LINES_OF_YELLING_2,MIME_MISSING_BOUNDARY,BASE64_ENC_TEXT, FORGED_YAHOO_RCVD,RCVD_IN_RELAYS_ORDB_ORG version=2.31 X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Checker-Version: SpamAssassin 2.31 (devel $Id: SpamAssassin.pm,v 1.94.2.2 2002/06/20 17:20:29 hughescr Exp $) X-Spam-Report: 22.7 hits, 5 required; * 4.3 -- BODY: Information on getting a larger penis or breasts (2) * 2.3 -- BODY: Spam is 100% natural?! * 1.5 -- BODY: Contains word 'guarantee' in all-caps * 1.5 -- BODY: Asks you to click below * -0.0 -- BODY: A WHOLE LINE OF YELLING DETECTED * 3.0 -- BODY: message body is 50-75% uppercase * 0.5 -- BODY: 3 WHOLE LINES OF YELLING DETECTED * 0.1 -- BODY: 2 WHOLE LINES OF YELLING DETECTED * 3.9 -- RAW: MIME section missing boundary * 2.1 -- Message text disguised using base-64 encoding * 1.5 -- 'From' yahoo.com does not match 'Received' headers * 2.0 -- RBL: Received via a relay in relays.ordb.org [RBL check: found 240.40.35.61.relays.ordb.org.] ------=_NextPart_0106030228 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 PGh0bWw+PGJvZHkgYmdjb2xvcj0iI0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+U0k8IS0tLS0+WkUg QU5EIFM8IS0tLS0+VEFNSU5BIERPIE08IS0tLS0+QVRURVI8YnI+DQpNb3JlIFRoYW4gWW91IENh biBQb3NzaTwhLS0tL[...] === end of sample === so you can (in a way) "see" what the message was about. Note that "disguising" the message as base64 stuff [to fool spamfilters that don't decode attachments], gets a rating of 2.1 just for that action, which is nearly half of the allowed "5 points" needed for spamassassin to rate it as spam... [the "raw mime boundary" gets the other 3.9 points to tip the scales...]
Op donderdag 16 januari 2003 01:42, schreef Tom Emerson:
Let me get this straight: you WANT to see the spam?
:-))) When possible I write an email message to abuse@somewhere so I have to see what url that email message is an advertisement for.
[just kidding -- I suppose could be legit stuff depending on who sends you stuff and how they (brokenly) send it, but I'll bet the majority of it is indeed "spam" and not worth the effort in decoding it]
Yes true, and when it is really broken I can ask to send it again, when it came from somebody I know.
That said, you CAN get "spamassassin" and install it/enable it -- as part of the process of deciding if a message is spam, it will un-decipher base 64 stuff and scan it [as well as bump the "probabiltiy of spam index" because properly encoded base-64 stuff should come through as an explicit attachment
That is what I asked myself. I also thought that it would get here as an attachment. So I see, there is something wrong with it. But then I must find a tool that decodes the message as far as it goes. Just detecting spam and deleting it, will not stop the spammer. I can manage it without tools like spamasassin, it are not that many spam messages (yet). thanks for your help. --Kees
participants (2)
-
Kees Bergwerf
-
Tom Emerson