Re: SpamAssassin false positive bayes with attachments

2014-10-06 Thread Joe Albertson
After reading your reply, I re-examined the message and found the case was an incorrect Content-Type:
~~~
Content-Type: text/plain; charset=windows-1250; name="pdfname.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pdfname.pdf"
~~~
So it was scanning the base64

Re: SpamAssassin false positive bayes with attachments

2014-10-06 Thread David F. Skoll
On Mon, 06 Oct 2014 21:28:02 +0200 Karsten Bräckelmann wrote:
> Unless the message's MIME-structure is severely broken, these tokens
> appear somewhere other than a base64 encoded attachment.

Agreed, and a Qmail bounce message is a prime example of a message whose MIME structure is "severely bro

Re: SpamAssassin false positive bayes with attachments

2014-10-06 Thread Karsten Bräckelmann
On Mon, 2014-10-06 at 09:03 -0400, jdime abuse wrote:
> I have been seeing some issues with bayes detection from base64
> strings within attachments causing false positives.
>
> Example:
> Oct 6 09:02:14.374 [15869] dbg: bayes: token 'H4f' => 0.71186828264
> Oct 6 09:02:14.374 [15869] dbg: b

Re: SpamAssassin false positive bayes with attachments

2014-10-06 Thread Benny Pedersen
On October 6, 2014 3:03:30 PM jdime abuse wrote:
I have been seeing some issues with bayes detection from base64 strings within attachments causing false positives.
Train more data then, bayes needs more data to prevent it
Example:
Oct 6 09:02:14.374 [15869] dbg: bayes: token 'H4f' => 0.99

SpamAssassin false positive bayes with attachments

2014-10-06 Thread jdime abuse
I have been seeing some issues with bayes detection from base64 strings within attachments causing false positives.

Example:
Oct 6 09:02:14.374 [15869] dbg: bayes: token 'H4f' => 0.71186828264
Oct 6 09:02:14.374 [15869] dbg: bayes: token 'wx2' => 0.68644662127
Oct 6 09:02:14.374 [15869]