From: Victor Duchovni (no email)
Date: Tue May 02 2006 - 16:19:38 EDT
On Tue, May 02, 2006 at 10:01:22PM +0200, Magnus B?ck wrote:
> On Tuesday, May 02, 2006 at 21:48 CEST,
> Charles Gregory <> wrote:
>
> > I don't suppose there is a 'stupid pet trick' that will let me
> > perform a simple 'body_check' on base64 encoded text bodies?
>
> Nope.
>
> > Like some simple tool that can convert my chosen text string
> > into base64 so that I can search for *that* as a body_check ?
>
> Sure, there are many such programs and scripting languages but since a
> given string has more than one possible Base64 equivalent it would not
> be practical.
>
For experts only, it is possible to take a medium length substring, (not
too short to generate FPs and not too long to be likely split accross
more than two lines) prefix it with zero then one then two random bytes,
base64 each of the encoded strings, discard the first and last 4 bytes,
split the result into two pieces of equal length, and look for any of the
6 resulting fragments. This is not something you should do routinely...
The following was once in my body checks above the rule to skip base64
encoded content:
/HbjdzZmlibS5jaVdvZ|duN3NmaWJtLmNpV29n|R243c2ZpYm0uY2lXb2/i
REJECT MYTOB worm
If you can figure out what this is looking for, you can with caution
take this approach.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain the Unix email
environment. If you are interested, please drop me a note.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
|
|
|