Mailing List Message #92104
From: Martin.Hepworth <>
Subject: RE: PDF Spam
Date: Thu, 09 Aug 2007 09:58:42 +0100
To: CommuniGate Pro Discussions <>
X-Mailer: CommuniGate Pro MAPI Connector 1.2.12/1.2.12

Heh - better go back to MailScanner then ;-)

BTW botnet 0.8 seems to be much happier than the 0.7 I was running

Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: CommuniGate Pro Discussions [] On
> Behalf Of John Rudd
> Sent: 09 August 2007 09:46
> To: CommuniGate Pro Discussions
> Subject: Re: PDF Spam
> Graeme Fowler wrote:
> > On Thu, 2007-08-09 at 19:00 +1200, Martin Miller wrote:
> >> Other than spam catcher what anti spam mechanisms are you using?
> >> I use spamassassin, spf and domain keys verify and RBL's to mark
> >> likely suspects.
> >> You can also use a plugin
> >> from
> >> to identify PDF and perhaps filter them more closely
> >
> > Alternatively, use ClamAV with the SaneSecurity signatures -
> > - as they contain many hashes for PDF
> > spams.
> >
> Yup.  Sanesecurity catches a huge bulk of them.
> What I do at home is (the helpers all run during synchronous rules, so
> the various rejections all happen during the SMTP session):
> 1) 5 second greet-delay/greet-pause
> 2) and
> 3) a helper that sort of works like the sendmail access file (reject by
> return-path, reject by ip, reject by recipient, whitelist by ip,
> whitelist by return-path, whitelist by recipient)
> 4) a helper to reject attachments via regular expressions (*\.exe$ for
> example), or add headers for all other attachments
> 5) a helper using clamav with sigs from clamav, sanesecurity, msrbl, and
> mbl
> 6) and a spamassassin helper that rejects spam with a score >= 10, or
> marks it as spam if >=5
> I'm in the middle of deploying the same set up at work, as well.  Plus
> we may add CGP's Sophos and Cloudmark plugins as an extra line of defense.
> (the current work system is mimedefang based, but otherwise similar in
> structure to the above; before adding sanesecurity, msrbl, and mbl, we
> rejected maybe 3000 messages a day, out of a million, for containing
> viruses ... now we reject 30,000 to 50,000 messages per day via clamav;
> 90%+ are caught by sanesecurity signatures)


Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
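
The attachment and score steps (4 and 6) of the setup quoted above, as an added example that is not part of the original message and is not CommuniGate Pro or helper code from the thread. It assumes the SpamAssassin score is already available as a number; the header names, the case-insensitive match and the `sample` helper are assumptions of this sketch.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Step 4: filename patterns that cause rejection. The post gives only .exe as
# an example; matching case-insensitively is an assumption of this sketch.
BLOCKED = [re.compile(r"\.exe$", re.IGNORECASE)]
# Step 6: thresholds stated in the post.
REJECT_SCORE, MARK_SCORE = 10.0, 5.0

def attachment_names(raw: bytes) -> list[str]:
    """Filenames declared by any MIME part (get_filename() strips whitespace)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def verdict(raw: bytes, spam_score: float):
    """Return (action, headers_to_add); action is reject, mark or accept."""
    names = attachment_names(raw)
    if any(rx.search(n) for n in names for rx in BLOCKED):
        return "reject", []
    # Hypothetical header names; the post does not say which headers it adds.
    headers = [("X-Attachment", n) for n in names]
    if spam_score >= REJECT_SCORE:
        return "reject", []
    if spam_score >= MARK_SCORE:
        return "mark", headers + [("X-Spam-Flag", "YES")]
    return "accept", headers

def sample(filename: str) -> bytes:
    """Constructed test message with one attachment of the given name."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"%PDF-", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name, score in [("INVOICE.EXE", 0.0), ("offer.pdf", 12.3),
                        ("offer.pdf", 6.1), ("offer.pdf", 1.0)]:
        print(name, score, verdict(sample(name), score))
```

Because the filename check runs on the name the MIME part declares, it says nothing about the content; the ClamAV step in the quoted list is what inspects the payload.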
