Hi All

We are receiving the same image spam many times, with random text within the body. The only common thing is an image attachment, with the filename in the following format:

  DSL1234.png

I have made the following 'RAWBODY' rule:

/dsl[0-9]{4}\.png/i

This rule works if the text appears in the body, when testing with a hand telnet to port 25, but fails in practice. I think this is because the RAWBODY rule does not search the text of an attachment.

Example text of a spam:

------=_NextPart_000_0075_01C9C5DF.A7950570
Content-Type: image/png;
       name="DSL6672.png"
Content-Transfer-Encoding: base64
Content-ID: <a0ff8910$101f730d$6c822ecf>
Content-Disposition: inline

Any ideas?

Thanks in advance
Regards
Gary
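
As an added example (not part of the original post, and not SpamAssassin code), this Python script parses a constructed message carrying the part headers quoted above and compares a search of the text body with a search of each part's MIME headers. The outer headers, the text part, the payload and all function names are assumptions made for the illustration.

```python
import email
import re
from email import policy

# Pattern from the post; the filename form is anchored to the whole name.
BODY_RE = re.compile(r"dsl[0-9]{4}\.png", re.I)
FILENAME_RE = re.compile(r"^dsl[0-9]{4}\.png$", re.I)

# Constructed sample: only the image part's headers come from the post.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_0075_01C9C5DF.A7950570"

------=_NextPart_000_0075_01C9C5DF.A7950570
Content-Type: text/plain; charset="us-ascii"

random text within the body

------=_NextPart_000_0075_01C9C5DF.A7950570
Content-Type: image/png;
        name="DSL6672.png"
Content-Transfer-Encoding: base64
Content-ID: <a0ff8910$101f730d$6c822ecf>
Content-Disposition: inline

iVBORw0KGgo=

------=_NextPart_000_0075_01C9C5DF.A7950570--
"""

def parse(raw):
    return email.message_from_bytes(raw, policy=policy.default)

def body_text_hits(msg):
    # Simplified stand-in for a body-style rule: decoded text parts only.
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            hits += BODY_RE.findall(part.get_content())
    return hits

def attachment_name_hits(msg):
    # get_filename() reads Content-Disposition filename= and falls back
    # to the Content-Type name= parameter, which is where this spam puts it.
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and FILENAME_RE.match(n)]
```

Within SpamAssassin, per-part MIME headers are matched by `mimeheader` rules from the MIMEHeader plugin rather than by `rawbody` rules.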