At 12:49 14-07-2007, Eric A. Hall wrote:
Like other folks I've been getting hit with the PDF spam pretty hard. I
think the way to solve this and the image spam in general is to do a
plugin that does two things:
1) looks in the message to see if there is a binary attachment
2) looks in the AWL to see if the sender tuple is known
3) if (1==true) && (2==false) fire a score
You might also verify the AWL score in step to and fire step 3 if
that score is above an arbitrary value. Note that your rule may
trigger false positive for one-time senders.
Regards,
-sm