On 03.06.10 20:45, cviebrock wrote:
Thanks for the link. That'll help.
In general, though, can I write a SA rule that looks at the raw message body
with trying to decode attachments, etc.? I thought that would be the
easiest way to catch these messages (and some other spam that comes in as
On Thu, 2010-06-03 at 19:44 -0700, cviebrock wrote:
I'm trying to write a rule to catch a bunch of spam I'm getting recently that
contain only an .RTF file. The filename, subject line, and other details
vary, but the raw message body is always the same i.e. the base64 encoded
RTF file.
See
You're right in that it *could* be a common RTF header, but a bit of decoding
of the attachments on my end seems to indicate that it isn't. All these
spam RTFs are practically identical except for a different URL link in the
document, and a different (probably forged) generator Msftedit
On Fri 04 Jun 2010 04:44:46 AM CEST, cviebrock wrote
http://pastebin.com/xFddVaX8
http://sanesecurity.org/ dont know what clamav rules helps for this,
but this is another way to stop spam attachements
remember to make good choice of official sigs in clamd if using clamav
milter, only
I'm trying to write a rule to catch a bunch of spam I'm getting recently that
contain only an .RTF file. The filename, subject line, and other details
vary, but the raw message body is always the same i.e. the base64 encoded
RTF file.
See the headers and first few lines of the email here, plus
Hi,
There is allready a few threads about this ...
http://www.gossamer-threads.com/lists/spamassassin/users/153560?do=post_view_threaded
mvh
On Fri, Jun 4, 2010 at 4:44 AM, cviebrock colinviebr...@gmail.com wrote:
I'm trying to write a rule to catch a bunch of spam I'm getting recently that
Thanks for the link. That'll help.
In general, though, can I write a SA rule that looks at the raw message body
with trying to decode attachments, etc.? I thought that would be the
easiest way to catch these messages (and some other spam that comes in as
PNG files).
- Colin
--
View this