Hi all, the last week or so we are having a lot of problems with emails either with subjects like "New Approach Contractors Ltd wants to share Scan" or "Invoice INV-03056 from Encompass Environmental Ltd" which contian an HREF to see your "scan" or "invoice" at a URL ending /share or /directory respectively. These aren't detected by Spamassassin, I have Razor and iHash configured running on Spamassassin 3.4.1. Even when I have Bayes learn a few examples, subsequent Spams can get Bayes as low as 50%.
Example: https://pastebin.com/85v2nHkF My question is does anyone have any ideas/tips/rules for catching these. I've created a custom rule that checks for the subject and HREF, but ever time a new variant comes out I'll have to update this. Anyone got any better solutions? thanks in advance, Andy.
