On Fri, 2009-05-01 at 14:04 -0400, Adam Katz wrote:
> mimeheader __DSCL4_PNG Content-Type =~ /name\=\"DS[CL]\d{4,5}\.png\"/
> body __PNG_240_400 eval:image_size_exact('png',240,400)
> meta DSCL4DIG_PNG __DSCL4_PNG && __PNG_240_400
> describe DSCL4DIG_PNG Supposed digital camera photo is a PNG
>
> Probably the mimeheader check alone is enough.
>
Just got the first one I've seen in this spam campaign. The mimeheader
in this case has no image name, which strikes me as a sure fire spam
recogniser, or can drag'n drop cause that with some MUAs?
Combining a noname image with no body text and/or the usual collection
of meds/porno words/phrases in the subject line should be fairly
reliable.
Martin
