I found a script somewhere that goes out and gets a database file for
clamav and uses clamav's facilities for pulling apart the pdf's and
scanning them. you should be able to find it via google. Its called
scam.sh
Curtis
LuKreme wrote:
On 31-Jul-2007, at 16:03, Mar Matthias Darin wrote:
Scott Moseman writes:
Are there any good recipes for dealing with the latest PDF spams?
After spending some time studying the IP addresses, most (in my
case 98%,
YMMV though) originate from dynamic IP addresses. I've had a hard
time
getting a good sample, DynaStop has elimited a good majority of
them. I
might see 1 or 2 every few days make it through DynaStop.
That might explain why I was nonplussed about this issue when it was
first raised. Anything that looks like it might possibly be from a
dynamic ip range is greylsited by postfix before the DATA portion of
the SMTP transaction. I haven't seen any of the pdf spams (yet).
I'm getting quite a lot of the "i'm a lonely girl looking for
friends" spam, and the 'add me as a myspace friend because I had to
move my nudie pics off myspace" spam, but that's on my one account
that has almost no spam protection after the RBLs/Greylisting.
--
BUGS: There is no conversion specification for the phase of the
moon." strftime(3) man page
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
--
Curtis Maurand
Head Honcho
Xyonet Hosting Services
Biddeford, ME 04005
mailto:curtis(_at_)maurand(_dot_)com
mailto:cmaurand(_at_)xyonet(_dot_)com
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail