McDonald, Dan wrote:
From: Ned Slider [mailto:n...@unixmail.co.uk]
I had one sneak through today which didn't hit any rules at all (it hits
a few DNSBLs now but not when I received it). It contained an inline png:
Any idea how to tackle these? I have the DSCxxxx png rule in place but
obviously that doesn't apply to this example.
Here's what I'm using. It does rely on the BOTNET plugin, but I only use
BOTNET in meta rules anyway, so this is a perfect use for it. This rule
caught about 700 of them yesterday.
meta AE_PNG_ATTACH __PNG_ATTACH_1 && __BOTNET_CLIENT
describe AE_PNG_ATTACH Attempt to catch image spam
score AE_PNG_ATTACH 2
--
Dan McDonald, CCIE # 2495, CISSP # 78721, CNX
Interesting - thanks.
I'm wondering if a meta of __HTML_IMG_ONLY && __PNG_ATTACH_1 might work.
I shall test :)