PDF Spam
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6125
Printed Date: 26 December 2024 at 9:27am
Topic: PDF Spam
Posted By: Desperado
Subject: PDF Spam
Date Posted: 27 June 2007 at 1:23pm
|
We are suddenly getting huge amounts of spam that is simply a pdf file. We can not block PDF's as they are a common form of document as the spammers well know. I am surprised this did not happen sooner. Thoughts on how to correctly identify them and block? Additional Info: ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Replies:
Posted By: LogSat
Date Posted: 27 June 2007 at 4:14pm
|
We're working on a new release that will scan inside PDFs just like we're currently scanning image files. Unfortunately we can't make any promises yet, we'll update this in a few days.
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: LogSat
Date Posted: 30 June 2007 at 11:37pm
|
Desperado, We've just released SpamFilter v3.5.4.692 in the registered user area. It is a beta that is able to scan within PDF files and is successfully identifying the "stock spam" embedded in them. This new filter is enabled by default and inherits the same settings as the "standard" image filter. Please note that this new release also includes several major internal improvements and bug fixes. In addition to the new PDF filter, the most notable change involves a bug we discovered with all the triggers in the database (see release notes below). To fix it, SpamFilter will automatically delete ALL triggers and recreate them when it is started for the first time. // New to VersionNumber = '3.5.4.692'; {TODO -cNew : Added new filter to scan images within PDF attachments for spam} {TODO -cFix : In SFE, triggers in the database were not identifying multiple updates to the same tables, if they occurred within 5 seconds of each other. A DB patch SQL script will be automatically downloaded and executed once by SpamFilter upon startup. The script will delete all triggers and recreate them} {TODO -cFix : In installations with multiple SpamFilter Enterprise, changes made directly against the database may not be visible by other servers} {TODO -cFix : A specific set of circusmtances involving "unfiltered Emails" with the "tag" or "tagsubject" modifiers, and multiple, separate emails within the same SMTP session, could cause emails to be delivered to some unfiltered users if a recipient is in the unfiltered list} {TODO -cFix : Exception occurred during TFilterObject.ReadFilterFromFile (2): Access violation at address 00401981 in module 'SpamFilterSvc.exe'.} {TODO -cFix : SpamFilter Enteprise GUI *appeared* frozen during startup when processing several customized domain. The ativity windows now scrolls to show current status during startup} {TODO -cNew : When adding duplicate entries in the blacklist/whitelists, SpamFilter will automatically remove the duplicate from the database as well, not just in the GUI as before (except for MAPS and Keywords blacklists)} ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: sgeorge
Date Posted: 06 July 2007 at 10:50am
Roberto, the new pdf-scanning functionality is working like a peach! I am extremely pleased (and so are our users).  Stephen |
Posted By: IKILLSPAM1
Date Posted: 16 July 2007 at 10:42am
|
Has anyone noticed a drop off on the effectiveness of this? I was catching like 25 a day and now its not catching any. Why is that? I also notice in the log it says Scanning PDF for spam: with no filename after it. Im guessing all those are definately spam. Is there anything I can do about these? Any suggestions are welcome.
|
Posted By: Desperado
Date Posted: 16 July 2007 at 11:35am
|
OK ... I am finding it is catching as many as it has been catching but suddenly some new ones are getting through. I am thinking it is the dimentions of the image but am not sure. I emailed support prior to seeing this post and have a pdf sample ready for roberto to look at if he thinks it will do any good. ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: IKILLSPAM1
Date Posted: 16 July 2007 at 11:51am
| I have many samples as well that I can contribute :) |
Posted By: LogSat
Date Posted: 16 July 2007 at 12:00pm
|
Got the sample. The issue is that the filter we've lately developed scans for *images* within PDF files, and then applies our current image filter to them to see if they're spam. In the sample provided (we've seen several ourselves), the PDF contains *text*, not images. We'll be releasing a new version shortly that will allow you to scan PDFs as well for keywords, in addition to the email's body.
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Thermo
Date Posted: 26 July 2007 at 5:56pm
|
The pdf spam coming in to me contain encrypted text based pdf's with full security turned on. Are these still being scanned, and can you even scan these for keywords? Thermo |
Posted By: LogSat
Date Posted: 26 July 2007 at 8:32pm
|
If you can forward us a copy of one such email we'll be able to find out more.
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Thermo
Date Posted: 26 July 2007 at 10:15pm
|
I sent you an email with the pdf attached, this pdf has 128 bit encryption enabled per the document properties in Adobe reader. Thermo |
Posted By: LogSat
Date Posted: 26 July 2007 at 11:45pm
|
Thermo, We received the PDF file. Yes, even if they are encrypted, they are still being scanned successfully. I will email you with additional details. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |