I have a few PDFs getting through now after doing pretty well; the latest 0.4 pdfinfo + sa 3.1.7 + sare rules + sa-update is not scoring enough on these:

http://esmtp.webtent.net/mail1.txt
http://esmtp.webtent.net/mail2.txt

Do I need to tweak my rule scores to catch these, or is someone else able to block these otherwise? All of these seem to hit the same two rules; would it be OK to test for only those two rules and block or raise their score, or would that hit too much ham?

0.6 GMD_PDF_ENCRYPTED BODY: Attached PDF is encrypted
1.0 TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint

--
Robert