Kelson wrote:
Ben Hanson wrote:
Hmm, scoring certain attachments (.gif, .jpg, etc) based on a
calculated checksum (md5 or otherwise).
Now that I think about it, I recall Razor used to run into false
positives with one of the background images in a set of Outlook
stationery (because some spammers had used the same template). The
key point being that Razor generates signatures from all MIME parts,
images included.
Depending on the default config, it may already take care of these.
I stumbled onto this thread which has the idea of creating a signature
that clamav can use to block these types of mail.
http://www.rulesemporium.com/forums/showthread.php?s=0999129f1c5d4b74fd288d9ac9ed7997&threadid=145&goto=nextnewest
Look at the entry
*"Using Clamav instead* posted: 05-27-2005 03:22 PM by:* j_dxn". *
Wouldn't this also be resource friendly?
Pete
