[lug] PDF Spam

Sean Reifschneider jafo at tummy.com
Thu Aug 9 12:52:39 MDT 2007


On Wed, Aug 08, 2007 at 11:38:18AM -0600, Zan Lynx wrote:
>But for PDF spam, what people are doing is "printing" it to a bitmap,
>then running OCR on the bitmap, just like handling image spam.

There are signatures for ClamAV that treat PDFs just like any other
attachment and look for signatures in the messages and block them because
of that.  I've been using these ones for a couple of weeks and it seems to
be working pretty good:

   http://sanesecurity.co.uk/

As far as blacklists, I only use the ones that are in SpamAssassin.  This
is partly because SpamAssassin doesn't let just one blacklist kill your
messages.  It just increases the score, and unless there is a consensus
among multiple blacklists it can still make it through.  Also,
SpamAssassin's implementation of blacklist checking makes it so that a
single slow or unresponsive blackhole list won't kill your mail server
performance.

Blackholes are, IMHO, a very poor anti-spam technique.  The only one that
I'm using as a true blackhole is the "top 200 spammers", I think that's
from SpamHaus.

Sean
-- 
 A little help at the right time is better than a lot of help at the wrong
 time.
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability




More information about the LUG mailing list