Yes, I have noticed this as well. I have tried to put a RegEx expression in the "attachments" black list to filter out .png, but I haven't found the proper syntax. The RegEx test says that ".png" (w/o the quotes) is found and that it should be placed in parenthesis. This would make the expression "(.png)"  (again w/o quotes), but it has just proven not to work either.....still research how to write a RegEx for SF......(sigh).

Hmm.....I stand corrected.  (.png) does appear to work according to my logfiles.
We'll see about (.*\.png) ......

Problem with this is .png is a very valid format and we email our graphs back and forth using png so you really may get some unwanted blocking.

Just to confirm that we are also seeing an increased amount of this type of SPAM.  Interesting though, most of the messages appear to be blank, only the inline png image.

I don't understand why the blank email option is not kicking in, I thought it used to be a configurable option but I don't see it anywhere that can be configured on a per domain level.

Webguyz,

Can you try changing the following setting in the SpamFilter.ini file to 1:

ScanReceivedHeaders=1

I have the same problem as WebGuyz and have confirmed that the ScanReceivedHeaders=1 setting is in my .ini file too.

We've pre-released SpamFilter v4.1.2.811 in the registered user area, and this version supports a variation in the keyword blacklist options that is helping in catching this spam. That release, along with the following keyword:

Content,(content-transfer-encoding: base64),(content-disposition: inline),((content-type: image/png)|(content-type: image/jpg)),((text/plain)|(text/html))::NEGATE

is helping in stopping this category of spam.

We modified this last build of SpamFilter to support a couple of features.
The first one is that you can't use RegEx (at least we haven't figured out a way to do it ourselves...) to specify a keyword that will look for the presence of two different words. For example, we can use RegEx to look for either DOG or CAT, or we can use RegEX to look for the word DOG followed by the word CAT, or to look for the word CAT followed by the word DOG. But for the life of us we could not find a RegEx expression that looked for the presence of both words, in any order, in the text (other than looking for "DOG followed by CAT or CAT followed by DOG" - something like (DOG.*CAT)|(CAT.*DOG). This later expression would be rather complex when looking for the presence of 4 item as we'd have to spell out every single possibility.

So we added an option to be able to specify multiple RegEx expressions on a single line separated by commas. This allows us to look for the presence of *all* the RegEx expressions, thus allowing us to use an AND with RegEx. The only trick here is that, in order to be compatible with all current keyword expressions, when using this format we must specify a "norma" non-RegEx keyword to appear first in the list. All this regression to explain why we need the "Content" keyword to appear first in the list.

The new ::NEGATE option applies only to the specific keyword entry it follows, so here it only applies to the (text/plain)|(text/html)) - neither of these must be present for the entry to match.