zip only spam
Leland J. Steinke
steinkel at pa.net
Tue Jul 31 18:03:36 IST 2007
Rob Freeman wrote:
> I see instead of using pdf spam, they have switched to zip spam. I have
> a rule to block the pdf only spam, but when I changed it to zip, it is
> not working:
>
> # ZIP only spam
> full ZIP_ONLY_SPAM
> /encoding\:\s+7bit(\n?)+[\-0-9]+.{1,40}type\:\s+application\/zip\;.{1,40}name\=.{1,40}\.zip.{1,50}disposition\:\s+inline\;.{1,40}filename\=.{1,40}\.zip/is
s/zip/octet-stream/
Also, these are RAR files. I updated my filetype.rules.conf to block
'em, after jacking up the spam score to get the sending IPs blocked as well.
Good luck,
Leland
More information about the MailScanner
mailing list