I'm seeing a lot of spam with base64 encoded subjects:
Subject:
=?UTF-8?B?RnVsbCBkZW50YWwgY292ZXJhZ2UgZm9yIGZhbWlsaWVzIGFuZCBzZW5pb3JzLCBjb3ZlcnMgYWxsIHByb2NlZHVyZXM=?=
Subject: =?UTF-8?B?V2VhciB5b3VyIE11bHRpLVRvb2wgYXJvdW5kIHlvdXIgd3Jpc3Qu?=
SA is scoring the messages pretty high based off the body, but a lot of
spams with the base64 is still getting through. I thought it wouldn't be
too hard to write a rule to catch these, but clearly I don't know what
I'm doing:
header BRT_BASE64_SUBJECT Subject =~ /=\?UTF\-8/
This doesn't trigger on any of these spams. Am I going about this the
wrong way or I'm I just that bad at writing regexs? Any suggestions
would be appreciated.
Subject:
=?UTF-8?B?RnVsbCBkZW50YWwgY292ZXJhZ2UgZm9yIGZhbWlsaWVzIGFuZCBzZW5pb3JzLCBjb3ZlcnMgYWxsIHByb2NlZHVyZXM=?=
Subject: =?UTF-8?B?V2VhciB5b3VyIE11bHRpLVRvb2wgYXJvdW5kIHlvdXIgd3Jpc3Qu?=
SA is scoring the messages pretty high based off the body, but a lot of
spams with the base64 is still getting through. I thought it wouldn't be
too hard to write a rule to catch these, but clearly I don't know what
I'm doing:
header BRT_BASE64_SUBJECT Subject =~ /=\?UTF\-8/
This doesn't trigger on any of these spams. Am I going about this the
wrong way or I'm I just that bad at writing regexs? Any suggestions
would be appreciated.