UPS / FedEx spam with virus attached
We've been seeing lots of messages with contents similar to this: Unfortunately we were not able to deliver postal package you sent on July the 25 in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office. Of course the zip attachment contains a virus, and ClamAV does not seem to be catching that either. Has anyone else been getting lots of these? If so, what are you doing to block them? Bob
PDFAssassin
Is anybody using the PDFAssassin module from http://blog.atmail.com/?p=61 I didn't think I saw it talked about on the list yet. I'm looking for a good solution for catching PDF spam. Are there any better suggestions for catching PDF? Thanks again, Bob
Re: FuzzyOcr 3.5.1 released
On Sun, 2007-01-07 at 15:16 +0100, decoder wrote: Now, the version seems stable enough to replace the 3.4.x branch, and I recommend everyone to upgrade to it :) The FuzzyOcr site still lists 3.5.1 as devel. Should it be considered stable enough for production use yet? We are still running 2.3b because it is the only one currently listed as stable.
Manual bayes expiration in MySQL database
We're running spamassassin with a MySQL bayes database that is shared by 4 scanning servers. We had been initially using the bayes auto expire option in local.cf, but found that this occasionally caused table corruption. With auto expire turned off, everything works fine, but after a while our bayes database gets huge (~9 million records in bayes_token). Does anybody have a good tip on how to manually expire some of those records from the database? Is ut as simple as deleting all records in the bayes_token table that have an atime older than a specified time? Is there any other logic that should come into play when expiring the bayes tables? Any tips or suggestions appreciated. Thanks, Bob Pierce