Alex,

> Has anyone else seen an increase in PDF invoice spam with just a link
> in it? The CenturyLink IP is now blacklisted, but obviously it wasn't
> when this was received. The link contained in the PDF has also already
> been disabled, but obviously wasn't when this was received.
>
> I'd really appreciate ideas on how this one should be blocked:

I'd really go the normal way: there is a PDF plugin that extracts text from a PDF and reinjects it into SA for normal scrutiny. I would not add any specific thing to that PDF part and only concentrate on usual SA rules (if anything new is needed).

Best regards,
Olivier

>
> http://pastebin.com/g7dJ7SHu
>
> There's very little text in the body, so I suspect that's why Bayes is
> confused. PDF invoices and conversations involving "payment" and
> "invoice" are not all that uncommon.
>
> Thanks,
> Alex
> --