Hi,

On Tue, Aug 22, 2017 at 3:14 PM, Dianne Skoll <d...@roaringpenguin.com> wrote:
> On Tue, 22 Aug 2017 14:55:01 -0400
> Alex <mysqlstud...@gmail.com> wrote:
>
>> I know there was a PDF OCR plugin of some sort, but I don't recall it
>> being all that effective. Ideas greatly appreciated.
>
> Take a look at podofopdfinfo. It can extract URLs from PDF docs and you
> can trigger on those.

Thank you. It didn't work on this one :-( I also don't see a way to use it with amavisd.

I'm recalling now that Axb once said this wasn't a spamassassin problem, but I'm hoping with all the phishing attacks these days that we can reconsider that - the malicious PDF is part of the email message that spamassassin scans.

"strings" was able to extract the URL. The URL in the message is http://dabanlar.com/west/scan.html and is still active. The domain isn't listed on any major blacklist, but the IP address is listed on zen.

This sounds like something that would need to be done in a plugin, if in spamassassin at all. Are there any current solutions for those of us with spamassassin and amavisd?
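
The "strings" approach mentioned in the message above, sketched as an added example (not part of the original post, and not SpamAssassin or amavisd code). It goes one step further than "strings" by also inflating FlateDecode streams, where a link would otherwise stay invisible; the function name, sample bytes and example.test host names are constructed for illustration.

```python
import re
import zlib

# http/https URLs, stopping at whitespace and PDF/HTML delimiters.
URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"'\\]+")
# Raw bytes of each PDF stream object (trailing EOL is tolerated below).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def extract_pdf_urls(data):
    """Return unique URLs from raw PDF bytes plus any Flate-compressed streams."""
    chunks = [data]  # pass 1: what "strings" would see
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores trailing bytes after the zlib stream.
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # not FlateDecode; the raw pass already covered it
    urls = []
    for chunk in chunks:
        for hit in URL_RE.findall(chunk):
            url = hit.decode("ascii", "replace")
            if url not in urls:
                urls.append(url)
    return urls


# Constructed sample: a PDF fragment with one plain /URI action and one
# hidden inside a compressed stream. Host names are placeholders.
_hidden = zlib.compress(b"<< /S /URI /URI (https://hidden.example.test/login) >>")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"4 0 obj\n<< /S /URI /URI (http://visible.example.test/scan.html) >>\nendobj\n"
    b"5 0 obj\n<< /Filter /FlateDecode /Length " + str(len(_hidden)).encode() + b" >>\n"
    b"stream\n" + _hidden + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for found in extract_pdf_urls(SAMPLE_PDF):
        print(found)
```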