I'm seeing several false positives where rules such as the following are matching in Base64-encoded blocks:
MLM
HGH
UPPERCASE_25_50
e.g., I have messages where the entire body is a base64-encoded JPEG, and it matches on these because the letters "HGH" and "MLM" show up in the block.
Since these are body tests, not raw-body, they should not apply to the raw Mime, right? Is this something that's fixed in 2.60?
----------
Philip Tucker
Zix Research Center
Anti-Spam Team Lead
214.370.2068
