Spam Filter ISP Support - New INI option: FilterBase64html

New INI option: FilterBase64html

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1484
Printed Date: 13 March 2025 at 4:11pm

Topic: New INI option: FilterBase64html

Posted By: JimMeredith
Subject: New INI option: FilterBase64html
Date Posted: 27 July 2003 at 1:36am

I noticed the new INI file option "FilterBase64html" in the release notes for the current version, but scanned both the support forum and the current docs for instructions on how to use it. May have missed it somewhere.

Is the INI file syntax simply:

FilterBase64html=1

... or is there more to it than that? Also, can you expand on exactly how these messages are handled (quarantined, blocked w/o quarantine, which response message is returned, etc.)?

Thanks, Jim

Replies:

Posted By: Desperado
Date Posted: 27 July 2003 at 12:46pm

Jim,

This filter was actually added in response to a request from me. My feeling was that there is absolutely no excuse for base 64 encoded HTML in an email message unless it is an inline image. This filter detects the headers that contain this type of directive.

The syntax is simply as you thought and the rejection detail looks like :

Found Keywords: [Found Content-Transfer-Encoding=base64 and Content-Type=text/html/plain]

Hope this answers you questions.

Dan S.

Posted By: JimMeredith
Date Posted: 27 July 2003 at 1:05pm

Dan,

Are there any significant differences between using this INI option and using the RegEx that you outlined in one of your earlier messages...

(content\-type:\x20text/html\r\ncontent-transfer\-encoding:\x20base64\r\n)

Are you using the INI option, the RegEx, or both in your efforts?

I agree with you completely about the need for this option, having seen a lot of recent (and not-so-recent) spam utilizing this technique. It's an obvious ploy to avoid keyword filtering, nothing that a "legitimate" application would do. Whatever method represents the most efficient and effective means of blocking this type of message, I'm all for it.

Thanks for your reply, and for your (many) contributions to this support forum.

Jim

Posted By: Desperado
Date Posted: 27 July 2003 at 1:14pm

Jim,

I use both. The "Imbedded" ini setting blocks about 14 for every 1 the keyword blocks and I have to say, I am not 100% sure why. So ... I use both.

Dan S.

Posted By: Desperado
Date Posted: 27 July 2003 at 1:17pm

Jim,

Additional info:

I have modified my keyword filter as follows:

(\b(content\-type:\x20text/(html|plain)\r\ncontent-transfer\-encoding:\x20base64\r\n))

Dan S.