Like other folks I've been getting hit with the PDF spam pretty hard. I think the way to solve this and the image spam in general is to do a plugin that does two things:
1) looks in the message to see if there is a binary attachment 2) looks in the AWL to see if the sender tuple is known 3) if (1==true) && (2==false) fire a score I've been meaning to adapt my SAGREY plugin [1] for this but have not had time and may not have time for a while yet, so I thought I'd throw this out there to see if anybody else is interested in doing it [1] http://www.ntrg.com/misc/sagrey/ -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/