On 10/03/2016 09:03 PM, John Hardin wrote:
On Mon, 3 Oct 2016, Axb wrote:
On 10/03/2016 07:46 PM, Alex wrote:
Hi,
These are a real concern. If you receive any kind of real mail volume,
you're receiving these too, and they're not always being caught by
RBLs or virus scanners. Or even our well-trained bayes.
http://pastebin.com/YhLBqpKm
I used to have some rules that would reliably block them, but they're
not performing well now at all.
I'm posting this in hopes someone has some other ideas, as well as to
raise awareness about their existence.
Ideas greatly appreciated.
SA isn't the right tool to detect virus infected attachments
Agreed, but *phishing* PDFs are appropriate to detect, as are 419 scam
PDFs (which I am starting to see).
John,
That sample has an attached bulk_inquiry_317141.doc
not a PDF.
