I have a solution with ClamAV for any image that is "not allowed". I my case i create a md5sum from images i don't want to receive and but them into hashtable. This Hashtable place into /var/lib/clamav/NAME.hsb
/var/lib/clamav/NAME.hsb looks like: 129895eb534a7e568b4284b6860fa93c:1245184:BitcoinImage hash:size:"VIRUS name" so any new mail with this attachment get treated as virus if you want to set score to this image you need this: in /etc/amavis/conf.d/50-user insert: @virus_name_to_spam_score_maps = (new_RE( # the order matters! [ qr'BitcoinImage.UNOFFICIAL' => 999], )); service amavis restart done Am 10.12.19 um 19:03 schrieb Joseph Brennan:
A user here reported a new twist on the bitcoin ransom mail. New to me, anyway. From: Casper Mitten <rwbcaprice...@outlook.com> Sent: Monday, December 9, 2019 10:00 PM The Subject was a single word, supposedly a password. The message was a jpg picture of text. Although it was in English, many vowels were accented special characters. The recipient was expected to scan a QR code in the picture to get the bitcoin string! I'm sending this purely for information. The user's report (as usual) does not include headers so I don't know what scored. It must have hit a rule for a message with no text and an image. There isn't much else there.
-- Philipp Ewald Administrator DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln Telefon: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de AG Köln HRB 27711, St.-Nr. 5215 5811 0640 Geschäftsführer: Werner Grafenhain Informationen zum Datenschutz: www.digionline.de/ds