Re: [exim] Blocking Stock Spam ACL

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dennis Davis
Date:  
À: exim-users
Sujet: Re: [exim] Blocking Stock Spam ACL
On Thu, 7 Dec 2006, Marc Perkel wrote:

> From: Marc Perkel <marc@???>
> To: exim-users@???
> Date: Thu, 07 Dec 2006 12:59:31 -0800
> Subject: [exim] Blocking Stock Spam ACL
>
> Here's an ACL that works for me stopping a LOT of stock spam
>
> drop    mime_regex = Symbol\: [A-Z]{4}\nCurrent Price\: Around
>     message = REGEX - Stock Spam - H=$sender_fullhost - S=$h_Subject: - 
> F=$h_From: - T=$h_To:


The surge in both Image and Penny-Stock spam has been discussed
elsewhere. You can use non-exim methods to defend against this
rubbish.

The real success story here has been to use Sanesecurity's
anti-phishing and anti-scam databases with the ClamAV virus checker.
See:

http://www.sanesecurity.com/clamav/

Steve Basford has recently added signatures for stock and image spam
to these databases. Works really well. For example, one of my mail
relays reports the following top hits for yesterday:

Virus                                                      Count
-----                                                      -----
Email.Img.Gen001.Sanesecurity.06161101 ClamAV                616
Email.Stk.Gen082.Sanesecurity.06120631 ClamAV                532
Email.Img.Gen001.Sanesecurity.06111101 ClamAV                237
Email.Stk.Gen038.Sanesecurity.06113000 ClamAV                150
Email.Stk.Gen008.Sanesecurity.06111702 ClamAV                110
Email.Loan.Gen006.Sanesecurity.06120200 ClamAV                75
Html.Img.Gen013.Sanesecurity.06162900 ClamAV                  66
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101