> => :0 # 021109 () base-64-encoded html head is shrouding more than charset
> => * Content-Type:(.*\<)?text/(html|plain)
> => * ^Content-Transfer-Encoding:(.*\<)?base64
> => | your action goes here
dman> I haven't had any non-spam caught by it since I initiated it
dman> a couple of months ago.
Assuming that it is the BODY that you are scanning for these strings
(and as I mentioned, I am already dealing with the ones that have these
in the header), it would seem that this would yield a false positive on any
message of the structure:
Content-Type: multipart/mixed;
Content-Type: text/plain;
Content-Transfer-Encoding: 8bit;
Content-Type: application/octet-stream;
Content-Transfer-Encoding: base64;
This is a valid encoding, which I don't want to lose! My concern is with the
ones that are structured as follows, and where the "multipart" actually
has only one part:
Content-Type: multipart/mixed;
Content-Type: text/plain;
Content-Transfer-Encoding: base64;
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail