SpamAssassin has a "bug", where the full configuration directive does not actually search against the un-decoded text, including all parts (including images or other attachments) as documented.
Because of how it works, it is impossible to scan for Swen (TDlUb2ZCYTZJVDlqZUVWZ1FwVUpjWm9DREV...) using SpamAssassin. This is silly.
Below, find a patch which makes full work as documented. It's not perfect. If you send it a regex which backtracks, and there are long lines in the email, it may get very slow or crash. But this can be fixed by co-opting some code that is already in SpamAssassin. Will this or something similar be in a future version of SpamAssassin? I'm not sure. The developers on irc, didn't seem very interested in fixing this in the near term
# and do full tests: first with entire, full, undecoded message
- # still skip application/image attachments though
{
my $fulltext = join ('', $self->{msg}->get_all_headers(), "\n",
- @{$self->get_raw_body_text_array()});
+ @{$self->{msg}->get_body()});
$self->do_full_tests(\$fulltext);
$self->do_full_eval_tests(\$fulltext);
undef $fulltext;