Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - New INI option: FilterBase64html
  FAQ FAQ  Forum Search   Register Register  Login Login

New INI option: FilterBase64html

 Post Reply Post Reply
Author
JimMeredith View Drop Down
Newbie
Newbie


Joined: 27 January 2005
Location: United States
Status: Offline
Points: 28
Post Options Post Options   Thanks (0) Thanks(0)   Quote JimMeredith Quote  Post ReplyReply Direct Link To This Post Topic: New INI option: FilterBase64html
    Posted: 27 July 2003 at 1:36am

I noticed the new INI file option "FilterBase64html" in the release notes for the current version, but scanned both the support forum and the current docs for instructions on how to use it.  May have missed it somewhere.

Is the INI file syntax simply:

 FilterBase64html=1

... or is there more to it than that?  Also, can you expand on exactly how these messages are handled (quarantined, blocked w/o quarantine, which response message is returned, etc.)?

Thanks, Jim

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 27 July 2003 at 12:46pm
Jim,
 
This filter was actually added in response to a request from me.  My feeling was that there is absolutely no excuse for base 64 encoded HTML in an email message unless it is an inline image.  This filter detects the headers that contain this type of directive.
 
The syntax is simply as you thought and the rejection detail looks like :
Found Keywords: [Found Content-Transfer-Encoding=base64 and Content-Type=text/html/plain]
 
Hope this answers you questions.
Dan S.
 
Back to Top
JimMeredith View Drop Down
Newbie
Newbie


Joined: 27 January 2005
Location: United States
Status: Offline
Points: 28
Post Options Post Options   Thanks (0) Thanks(0)   Quote JimMeredith Quote  Post ReplyReply Direct Link To This Post Posted: 27 July 2003 at 1:05pm

Dan,

Are there any significant differences between using this INI option and using the RegEx that you outlined in one of your earlier messages...

(content\-type:\x20text/html\r\ncontent-transfer\-encoding:\x20base64\r\n)

Are you using the INI option, the RegEx, or both in your efforts?

I agree with you completely about the need for this option, having seen a lot of recent (and not-so-recent) spam utilizing this technique.  It's an obvious ploy to avoid keyword filtering, nothing that a "legitimate" application would do.  Whatever method represents the most efficient and effective means of blocking this type of message, I'm all for it.

Thanks for your reply, and for your (many) contributions to this support forum.

Jim

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 27 July 2003 at 1:14pm

Jim,

I use both.  The "Imbedded" ini setting blocks about 14 for every 1 the keyword blocks and I have to say, I am not 100% sure why.  So ... I use both.

Dan S.

 

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 27 July 2003 at 1:17pm

Jim,

 

Additional info:

I have modified my keyword filter as follows:

(\b(content\-type:\x20text/(html|plain)\r\ncontent-transfer\-encoding:\x20base64\r\n))

Dan S.

 

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.