From: Ned Slider [mailto:n...@unixmail.co.uk]

>I had one sneak through today which didn't hit any rules at all (it hits 
>a few DNSBLs now but not when I received it). It contained an inline png:

>Any idea how to tackle these? I have the DSCxxxx png rule in place but 
>obviously that doesn't apply to this example.

Here's what I'm using.  It does rely on the BOTNET plugin, but I only use 
BOTNET in meta rules anyway, so this is a perfect use for it.  This rule 
caught about 700 of them yesterday.

meta AE_PNG_ATTACH      __PNG_ATTACH_1 && __BOTNET_CLIENT
describe AE_PNG_ATTACH  Attempt to catch image spam
score AE_PNG_ATTACH     2
--
Dan McDonald, CCIE # 2495, CISSP # 78721, CNX

