image spam

Rune Gundersen rune at pepco.no
Sat May 13 20:02:02 IST 2006


Hi

I have recently been getting a lot of messages just containing an image 
with the spam message in it, which sent me on a search for information on 
how to block it, since my MailScanner/SpamAssassin didn't catch it. What 
I found was this regexp: 
http://sunbeltblog.blogspot.com/2006/05/image-spam.html, which JulesFM on 
#mailscanner helped me put into an SA rule:

rawbody image_spam m/^\s*?\<!doctype\s+?html\s+?public\s+?"[^"]+?"\s*?\>\s*?\<html\>\s*?\<head\>\s*?\<meta\s+?[^>]*?content\s*?=\s*?(["'])[^\1]*?\1\s*?name\s*?=\s*?["']?GENERATOR["']?\s*?\>\s*?\<style[^>]*?\>.*?\<\/style\s*?\>\s*?\<\/head\s*?\>\s*?\<body\s+?bgColor\s*?=\s*?\S{7,7}\s*?\>\s*?\<div[^>]*?\>.*?\<font\s+?face\s*?=\s*?arial\s+?size\s*?=\s*?2\*?\>[^<]*?\<img\s+?alt\s*?=\s*?(["'])\2\s+?hspace\s*?=\s*?0\s+?src\s*?=\s*?(["'])cid\:[^@]{30,30}@[^\3]*?\3\s+?align\s*?=\s*?baseline\s+?border\s*?=\s*?0\>\s*?\<\/font\>\s*?\<\/div\>\s*?\<\/body\>\s*?\<\/html\>\s*?$/
score image_spam 10
describe image_spam stopping those image spams

Maybe someone has some input on this ?

// Rune Gundersen
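
The rule above matches one exact HTML layout. As an added example (not part of the original post and not MailScanner or SpamAssassin code), here is a structural version of the same idea that goes beyond that one layout: flag a message whose HTML part has no visible text and displays an attached cid: image. The names BodyScan, is_image_only and SAMPLE are hypothetical, and the sample message is constructed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Count visible text and collect cid: image references in one HTML part."""
    def __init__(self):
        super().__init__()
        self.text_chars, self.cids, self.in_style = 0, [], False
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        self.in_style = tag in ("style", "script", "title")
        if tag == "img" and src.lower().startswith("cid:"):
            self.cids.append(src[4:])
    def handle_endtag(self, tag):
        self.in_style = False
    def handle_data(self, data):
        if not self.in_style:
            self.text_chars += len(data.strip())

def is_image_only(raw, max_text=0):
    """True if an HTML part has no visible text and displays an attached image."""
    msg = message_from_string(raw, policy=policy.default)
    attached = {(p["Content-ID"] or "").strip("<> ") for p in msg.walk()
                if p.get_content_maintype() == "image"}
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan = BodyScan()
            scan.feed(part.get_content())
            scan.close()  # flush text still buffered by the parser
            if scan.text_chars <= max_text and attached.intersection(scan.cids):
                return True
    return False

# Constructed sample (not real spam), shaped like the HTML the rule targets.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><STYLE></STYLE></HEAD><BODY bgColor=#ffffff><DIV><FONT face=Arial size=2>
<IMG alt="" hspace=0 src="cid:img001@example.invalid" align=baseline border=0></FONT></DIV></BODY></HTML>
--b1
Content-Type: image/gif
Content-ID: <img001@example.invalid>

R0lGODlhAQABAAAAACw=
--b1--
"""
```

Legitimate mail can also be a single inline image, so a result like this is better used as one scored signal than as a hard block.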

