On Sun, 2013-03-24 at 11:05 +0000, Sharma, Ashish wrote:
> I have encoded the harmful filename '<script>alert(1)</script>tes.txt'
> to base64 and added them into the email as it's allowed as per RFC
> 2047 in email headers and is a valid form.
>
> This is bypassing the spam rule that you created earlier and posted.
>
In that case it looks as though the MimeHeader plugin doesn't recognise base64 encoded values for names or filenames and doesn't decode them.
I didn't write or maintain the MIMEHeader plugin: I just use it. If this is a major issue for your mail stream, I suggest you raise a bug against the plugin requesting that RFC 2047 compliance be implemented.

> as I could not find relevant spamassassin documentation on 'mimeheader'.
>
I would agree that the plugin's documentation is minimal: I would not have been able to use it if some kind person hadn't posted example rules on this list.

Martin
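
Added example, not part of the original message and not SpamAssassin or plugin code: a Python sketch of the behaviour discussed in this thread, where a pattern applied to the raw name/filename parameter misses a base64 encoded-word, while decoding the value first lets the same pattern match. The pattern, the function names and the sample message are assumptions constructed for illustration; the rule from the earlier post is not shown here.

```python
import base64
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import collapse_rfc2231_value

# Stand-in for the filename rule from the earlier post (assumption: rule not shown here).
SUSPICIOUS = re.compile(r"<\s*script", re.IGNORECASE)

def attachment_names(raw_message):
    """Yield (raw, decoded) name/filename parameter values for every MIME part."""
    for part in message_from_string(raw_message).walk():
        for header, param in (("Content-Disposition", "filename"),
                              ("Content-Type", "name")):
            raw = part.get_param(param, header=header)
            if raw is None:
                continue
            if isinstance(raw, tuple):  # RFC 2231 extended parameter
                raw = collapse_rfc2231_value(raw)
            # Decode encoded-words (=?charset?B?...?= or ?Q?) before matching.
            yield raw, str(make_header(decode_header(raw)))

def check(raw_message):
    """Report, per parameter, whether the pattern hits the raw and decoded value."""
    return [{"decoded": dec,
             "raw_hit": bool(SUSPICIOUS.search(raw)),
             "decoded_hit": bool(SUSPICIOUS.search(dec))}
            for raw, dec in attachment_names(raw_message)]

# Constructed sample: the filename from the thread in base64 encoded-word form.
NAME = "<script>alert(1)</script>tes.txt"
ENCODED = "=?UTF-8?B?" + base64.b64encode(NAME.encode()).decode() + "?="
SAMPLE = "\n".join([
    "From: sender@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    f'Content-Type: text/plain; name="{ENCODED}"',
    f'Content-Disposition: attachment; filename="{ENCODED}"',
    "",
    "data",
    "--b1--",
    "",
])

if __name__ == "__main__":
    for row in check(SAMPLE):
        print(row)
```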