Re: [exim] Blocking Stock Spam ACL

Top Page
Delete this message
Reply to this message
Author: Chris Lear
Date:  
To: exim-users
CC: Dennis Davis
Subject: Re: [exim] Blocking Stock Spam ACL
* Dennis Davis wrote (08/12/06 14:26):
> On Thu, 7 Dec 2006, Marc Perkel wrote:
>
>> From: Marc Perkel <marc@???>
>> To: exim-users@???
>> Date: Thu, 07 Dec 2006 12:59:31 -0800
>> Subject: [exim] Blocking Stock Spam ACL
>>
>> Here's an ACL that works for me stopping a LOT of stock spam
>>
>> drop    mime_regex = Symbol\: [A-Z]{4}\nCurrent Price\: Around
>>     message = REGEX - Stock Spam - H=$sender_fullhost - S=$h_Subject: - 
>> F=$h_From: - T=$h_To:

>
> The surge in both Image and Penny-Stock spam has been discussed
> elsewhere. You can use non-exim methods to defend against this
> rubbish.
>
> The real success story here has been to use Sanesecurity's
> anti-phishing and anti-scam databases with the ClamAV virus checker.
> See:
>
> http://www.sanesecurity.com/clamav/
>
> Steve Basford has recently added signatures for stock and image spam
> to these databases. Works really well.


Sounds good, but this page: http://www.sanesecurity.com/clamav/news.htm
says this:

"Some of you noticed that the Scam database has been re-focused to
detect 419/Lottery emails only. The ScamS signatures have been removed.
Although they were detecting a great deal of image spam, for some
people, they caused two or three false positives.
I'm not prepared to accept this, so I've removed them. FuzzyOcrPlugin is
the way to go, for most people!"

which makes it sound slightly less promising in terms of killing image
spam. What's the latest?

Chris