Title: base64 false positives

I'm seeing several false positives where rules such as the following are matching in Base64-encoded blocks:

MLM
HGH
UPPERCASE_25_50

e.g., I have messages where the entire body is a base64-encoded JPEG, and it matches on these because the letters "HGH" and "MLM" show up in the block.

Since these are body tests, not raw-body, they should not apply to the raw Mime, right?  Is this something that's fixed in 2.60?

----------
Philip Tucker
Zix Research Center
Anti-Spam Team Lead
214.370.2068

Reply via email to