Hi,

I get lots of spam which "should" be filtered by my content filters, but isn't. Apparently the sender does something to the text to make it readable by me but not by the mailwasher filter. I've looked at the raw source of such messages recently and a couple of things appear more or less regularly: something about charset=iso-8859-1 and something about encoding base 64.

Is either or both of these things keeping me from filtering the messages?

If so, how can one figure out what "viagra" is in that charset and encoding so I can put the appropriate string in my content filter?

Thanks.

Steve Frye

Messages that are encoded require something to decode them, such as Benign. While MailWasher will decode a number of things in Normal View in the preview window, including cleaning up the HTML and deciphering "escaped" characters, this view is not accessible by the filters.

My solution has been to either mark encoded messages as such using a filter, run them through Benign first, or run them throgh some other product which will decipher the message, like POPFile.

I like your idea of using a filter to mark encoded messages. Can you explain how to do that?

Also, is there any reason not to automatically reject any message that has been encoded in this way, since I assume people I'm likely to correspond with wouldn't need (or think to) encode?

Thanks.
AJ

Hi AJ,

You probably don't want to automatically reject messages that are encoded in this manner. Certain e-mail clients -- especially the ones that are popular nowadays that "enhance" your e-mails, like Incredimail -- tend to use it extensively. In addition, most e-mail clients use it for attachments.

You can set up a filter to search for the words "Content-Transfer-Encoding: base64" in the entire header and in the body, as they may occur in either place.

If you know how to edit your filters.txt file, you can just insert this line:

[enabled],"Base 64 Encoded","Base 64 Encoded",33023,OR,Blacklist,Delete,Body,contains,"Content-Transfer-Encoding: base64",EntireHeader,contains,"Content-Transfer-Encoding: base64"

Change the colors, name, etc. to whatever you like.

Gary

Thanks for the pointers.

Is there a free or shareware program that could be used to encode phrases base 64 so that I could put them in my filter? Alternatively, can you point me to the specification for how to "encode base 64"?

If you have access to a Unix box, a number of the uudencode's support base64 using the -m or
--base64 option.

If not, I happened to run accross this page, which looks like it would be an easy way to do what you want:

http://makcoder.sourceforge.net/demo/base64.php

I'm sure there are a lot more encoders out there, I just haven't looked around much for them.

Good luck!

Thanks, Gary. I'll give it a try.

AJ

Wow! the encoder/decoder web page is great. Ask and ye shall receive.

Thanks, Gary.

Steve