
Filters cannot match content in base64 encoded messages

ikal
Level 1

It's really disappointing that vESA with AsyncOS version 14.0.1 has a very basic limitation when it comes to content filters: It is unable to scan message bodies when they are encoded in base64. This is a very common technique that spammers use to circumvent email filtering.

Lately we get great volumes of specific spam messages (sextortion). Almost every message comes from a different mail server, but all of them have exactly the same message body. It would be really easy to block them if vESA could correctly decode base64 messages and apply content filters to the decoded message. Unfortunately we are unable to block them because the spammer uses base64 encoded messages.

First I tried creating a content filter with a condition that matches specific strings of the decoded message, but it failed to catch any messages.

I even tried creating content filter conditions which try to match specific parts of the base64 string (see picture below) but they didn't work. These base64 encoded lines are the same in all the messages that we try to block, but the content filter cannot match them.

content-filter.png
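
The decode-then-match check the post asks for, as an added example (not part of the original post and not AsyncOS code), written as a Python script that could be run over exported messages. The phrase, addresses and function names are constructed assumptions; the last function also shows that a base64 fragment only matches while the body's 3-byte alignment is unchanged.

```python
import base64
import re
from email import message_from_bytes, policy

# Constructed phrase standing in for the campaign's fixed body text (assumption).
PATTERN = re.compile(r"send\s+payment\s+within\s+48\s+hours", re.IGNORECASE)

def build_sample(body: str, shift: str = "") -> bytes:
    """Constructed test message whose text/plain body is base64 encoded."""
    encoded = base64.encodebytes((shift + body).encode("utf-8")).decode("ascii")
    headers = (
        "From: sender@example.invalid\r\n"
        "To: user@example.invalid\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: text/plain; charset="utf-8"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\n"
    )
    return (headers + encoded).encode("ascii")

def decoded_text_parts(raw: bytes):
    """Yield each text/* part after undoing its Content-Transfer-Encoding."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            # get_content() decodes base64/quoted-printable, then the charset.
            yield part.get_content()
        except (LookupError, UnicodeError):
            # Unknown or mislabelled charset: decode the bytes leniently.
            yield part.get_payload(decode=True).decode("utf-8", errors="replace")

def matches_decoded(raw: bytes) -> bool:
    """Match the pattern against the decoded text of every text part."""
    return any(PATTERN.search(text) for text in decoded_text_parts(raw))

def matches_raw(raw: bytes) -> bool:
    """What a matcher sees when handed the undecoded transfer encoding."""
    return bool(PATTERN.search(raw.decode("ascii", errors="replace")))

def base64_fragment_present(body: str, shift: str = "") -> bool:
    """Is a 40-char base64 fragment of `body` still present after a prefix?"""
    fragment = base64.b64encode(body.encode("utf-8"))[:40]
    return fragment in build_sample(body, shift).replace(b"\n", b"")
```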

 

 

 

 
