PDF Spam |
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Posted: 27 June 2007 at 1:23pm |
We are suddenly getting huge amounts of spam that is simply a PDF file. We cannot block PDFs, as they are a common form of document, as the spammers well know. I am surprised this did not happen sooner. Thoughts on how to correctly identify them and block? Additional Info:
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
We're working on a new release that will scan inside PDFs just like we're currently scanning image files. Unfortunately we can't make any promises yet, we'll update this in a few days.
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Desperado,
We've just released SpamFilter v3.5.4.692 in the registered user area. It is a beta that is able to scan within PDF files and is successfully identifying the "stock spam" embedded in them. This new filter is enabled by default and inherits the same settings as the "standard" image filter.
Please note that this new release also includes several major internal improvements and bug fixes. In addition to the new PDF filter, the most notable change involves a bug we discovered with all the triggers in the database (see release notes below). To fix it, SpamFilter will automatically delete ALL triggers and recreate them when it is started for the first time.
// New to VersionNumber = '3.5.4.692';
{TODO -cNew : Added new filter to scan images within PDF attachments for spam}
{TODO -cFix : In SFE, triggers in the database were not identifying multiple updates to the same tables, if they occurred within 5 seconds of each other. A DB patch SQL script will be automatically downloaded and executed once by SpamFilter upon startup. The script will delete all triggers and recreate them}
{TODO -cFix : In installations with multiple SpamFilter Enterprise, changes made directly against the database may not be visible by other servers}
{TODO -cFix : A specific set of circumstances involving "unfiltered Emails" with the "tag" or "tagsubject" modifiers, and multiple, separate emails within the same SMTP session, could cause emails to be delivered to some unfiltered users if a recipient is in the unfiltered list}
{TODO -cFix : Exception occurred during TFilterObject.ReadFilterFromFile (2): Access violation at address 00401981 in module 'SpamFilterSvc.exe'.}
{TODO -cFix : SpamFilter Enterprise GUI *appeared* frozen during startup when processing several customized domain. The activity window now scrolls to show current status during startup}
{TODO -cNew : When adding duplicate entries in the blacklist/whitelists, SpamFilter will automatically remove the duplicate from the database as well, not just in the GUI as before (except for MAPS and Keywords blacklists)}
sgeorge
Senior Member Joined: 23 August 2005 Status: Offline Points: 178 |
Roberto, the new pdf-scanning functionality is working like a peach! I am extremely pleased (and so are our users).
Stephen |
IKILLSPAM1
Groupie Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
Has anyone noticed a drop off on the effectiveness of this? I was catching like 25 a day and now it's not catching any. Why is that? I also notice in the log it says Scanning PDF for spam: with no filename after it. I'm guessing all those are definitely spam. Is there anything I can do about these? Any suggestions are welcome.
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
OK ... I am finding it is catching as many as it has been catching but suddenly some new ones are getting through. I am thinking it is the dimensions of the image but am not sure. I emailed support prior to seeing this post and have a PDF sample ready for Roberto to look at if he thinks it will do any good.
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
IKILLSPAM1
Groupie Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
I have many samples as well that I can contribute :)
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Got the sample. The issue is that the filter we've lately developed scans for *images* within PDF files, and then applies our current image filter to them to see if they're spam. In the sample provided (we've seen several ourselves), the PDF contains *text*, not images. We'll be releasing a new version shortly that will allow you to scan PDFs as well for keywords, in addition to the email's body.
Thermo
Newbie Joined: 10 July 2006 Location: Canada Status: Offline Points: 25 |
The PDF spam coming in to me contains encrypted text-based PDFs with full security turned on. Are these still being scanned, and can you even scan these for keywords?
Thermo |
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
If you can forward us a copy of one such email we'll be able to find out more.
Thermo
Newbie Joined: 10 July 2006 Location: Canada Status: Offline Points: 25 |
I sent you an email with the PDF attached; this PDF has 128-bit encryption enabled per the document properties in Adobe Reader.
Thermo |
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Thermo,
We received the PDF file. Yes, even if they are encrypted, they are still being scanned successfully. I will email you with additional details.
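
The thread distinguishes three kinds of PDF spam: PDFs carrying images (handled by the image filter), PDFs carrying text (needing a keyword scan), and encrypted PDFs. The sketch below is an added example, not part of any post and not LogSat's code; it triages an attachment into those cases. The function names, route labels and sample bytes are assumptions constructed for illustration, and the scanner ignores object streams.

```python
import re
import zlib

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)
IMAGE_RE = re.compile(rb"/Subtype\s*/Image\b")
TEXT_OP_RE = re.compile(rb"\bBT\b.*?\b(?:Tj|TJ)\b", re.S)  # BT ... show-text operator

def triage_pdf(data):
    """Report what a PDF attachment carries and which filter path it needs."""
    at = data.rfind(b"trailer")
    encrypted = b"/Encrypt" in (data[at:] if at >= 0 else data)
    images, text = 0, False
    for obj in OBJ_RE.finditer(data):
        body = obj.group(1)
        head = body.split(b"stream", 1)[0]      # dictionary part only
        if IMAGE_RE.search(head):
            images += 1                         # dictionary names are not encrypted
            continue
        stream = STREAM_RE.search(body)
        if stream is None or encrypted:         # encrypted stream bytes are opaque
            continue
        raw = stream.group(1)
        if b"/FlateDecode" in head:
            try:                                # tolerates truncated/padded streams
                raw = zlib.decompressobj().decompress(raw)
            except zlib.error:
                continue
        text = text or TEXT_OP_RE.search(raw) is not None
    if encrypted:
        route = ["decrypt-first"]               # nothing else is reliable yet
    else:
        route = ["image-filter"] * bool(images) + ["keyword-filter"] * text
    return {"encrypted": encrypted, "images": images,
            "text": None if encrypted else text, "route": route}

def pdf_obj(num, head, stream=None):
    """Build one indirect object for the constructed samples below."""
    out = b"%d 0 obj\n<< %s >>\n" % (num, head)
    if stream is not None:
        out += b"stream\n" + stream + b"\nendstream\n"
    return out + b"endobj\n"

# Constructed samples: minimal object/trailer fragments, not complete PDFs.
PLAIN = b"trailer\n<< /Size 2 >>\n%%EOF"
IMAGE_PDF = b"%PDF-1.4\n" + pdf_obj(1, b"/Subtype /Image /Filter /DCTDecode", b"\xff\xd8\xff") + PLAIN
TEXT_PDF = b"%PDF-1.4\n" + pdf_obj(1, b"/Filter /FlateDecode",
                                   zlib.compress(b"BT /F1 12 Tf (constructed sample text) Tj ET")) + PLAIN
ENC_PDF = (b"%PDF-1.4\n" + pdf_obj(1, b"/Filter /FlateDecode", b"\x8f\x02constructed-ciphertext")
           + b"trailer\n<< /Size 3 /Encrypt 2 0 R >>\n%%EOF")
```

An attachment routed to `decrypt-first` has to be decrypted before either the image or the keyword check can see its content.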