Fake User-Agent on PDF
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sat Jun 30 14:00:42 IST 2007
Hi,
So far all SPAM PDF files that did not get killed on other issues seem to
use a fake User-Agent header: User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
According to
http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the
release date is impossible however.
I have not written a SA rule (yet). I wrote a detectline in my header
checks of postfix:
/^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ REJECT This is a fake version of Thunderbird
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
More information about the MailScanner
mailing list