I have a plain server running CentOS 7.2 and Virtualmin, with FTP access via ProFTPD 1.3.5, and when I try to upload a PHP file containing the string base64_decode the transfer hangs until time-out. I have verified by editing the function out, and the exact same file uploads near-instantly. Put the function back in and the upload times-out. I can even just remove the '64' from the function name and the file uploads successfully.

So it appears to be some kind of security, but from where? Surely someone has seen this before? Or is my diagnosis completely off?

This is probably not related to FTP, but to some Intrusion Detection System (IDS) which tries to block transfer of suspicious files. This IDS might run at the host or somewhere in the network.

It is blocked to prevent malicious code tranfer.

To circumvent this:

sed 's/base64_decode/QQQQQ_decode/g' YOUR_FILE > NEW_FILE

transfer NEW_FILE via FTP

On the target computer:

sed 's/QQQQQ_decode/base64_decode/g' NEW_FILE > YOUR_FILE