New INI option: FilterBase64html |
Post Reply 
|
| Author | |
JimMeredith 
Newbie 
Joined: 27 January 2005 Location: United States Status: Offline Points: 28 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: New INI option: FilterBase64htmlPosted: 27 July 2003 at 1:36am |
|
I noticed the new INI file option "FilterBase64html" in the release notes for the current version, but scanned both the support forum and the current docs for instructions on how to use it. May have missed it somewhere. Is the INI file syntax simply: FilterBase64html=1 ... or is there more to it than that? Also, can you expand on exactly how these messages are handled (quarantined, blocked w/o quarantine, which response message is returned, etc.)? Thanks, Jim |
|
 |
|
|
Desperado
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 July 2003 at 12:46pm |
|
Jim,
This filter was actually added in response to a request from me. My feeling was that there is absolutely no excuse for base 64 encoded HTML in an email message unless it is an inline image. This filter detects the headers that contain this type of directive.
The syntax is simply as you thought and the rejection detail looks like :
Found Keywords: [Found Content-Transfer-Encoding=base64 and Content-Type=text/html/plain]
Hope this answers you questions.
Dan S.
|
|
|
|
|
JimMeredith
Newbie
Joined: 27 January 2005 Location: United States Status: Offline Points: 28 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 July 2003 at 1:05pm |
|
Dan, Are there any significant differences between using this INI option and using the RegEx that you outlined in one of your earlier messages... (content\-type:\x20text/html\r\ncontent-transfer\-encoding:\x20base64\r\n) Are you using the INI option, the RegEx, or both in your efforts? I agree with you completely about the need for this option, having seen a lot of recent (and not-so-recent) spam utilizing this technique. It's an obvious ploy to avoid keyword filtering, nothing that a "legitimate" application would do. Whatever method represents the most efficient and effective means of blocking this type of message, I'm all for it. Thanks for your reply, and for your (many) contributions to this support forum. Jim |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 July 2003 at 1:14pm |
|
Jim, I use both. The "Imbedded" ini setting blocks about 14 for every 1 the keyword blocks and I have to say, I am not 100% sure why. So ... I use both. Dan S.
|
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 July 2003 at 1:17pm |
|
Jim,
Additional info: I have modified my keyword filter as follows: (\b(content\-type:\x20text/(html|plain)\r\ncontent-transfer\-encoding:\x20base64\r\n)) Dan S.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.242 seconds.