RE: PDF Spam
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: PDF Spam - 9.Jul.2007 9:00:57 AM
|
|
|
coolfactor
Posts: 29
Joined: 15.Jun.2007
Status: offline
|
quote:
ORIGINAL: ride_bent
If only I had Exchange 2007/Content Filter.
What do you have?
We're actually using an Exchange-compliant server, MDaemon. I'm not much of a Windows fan, particularly for servers, but MDaemon has truly impressed me. We haven't had a single problem with that server in 6 months, not something our GFI server and other mail server shares.
If your server supports IMAP, then you should be able to provide your users with instructions to set up a filter within their account. At least it would help some.
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 9:13:16 AM
|
|
|
ride_bent
Posts: 13
Joined: 16.Apr.2003
Status: offline
|
quote:
ORIGINAL: coolfactor
quote:
ORIGINAL: ride_bent
If only I had Exchange 2007/Content Filter.
What do you have?
We're actually using an Exchange-compliant server, MDaemon. I'm not much of a Windows fan, particularly for servers, but MDaemon has truly impressed me. We haven't had a single problem with that server in 6 months, not something our GFI server and other mail server shares.
If your server supports IMAP, then you should be able to provide your users with instructions to set up a filter within their account. At least it would help some.
We have Exchange 2003 Standard w/SP2.
(The politics of suggesting end users set up a rule/filter is not a battle I wish to fight.)
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 9:24:30 AM
|
|
|
coolfactor
Posts: 29
Joined: 15.Jun.2007
Status: offline
|
Creating a Keyword filter for "pdf attach" (in the subject line) has also helped to reduce the PDF spam for us. You might try just "pdf". Keywork filtering doesn't block every message, they must still reach a certain spam threshold. Much like our other solution, you could send trapped messages to a special mailbox just in case a good email doesn't arrive. Would give you a place to search. Set a self-cleaning limit on the account to remove messages older than 5 days and you should be good to go.
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 9:37:31 AM
|
|
|
jviox22
Posts: 3
Joined: 13.Apr.2007
Status: offline
|
Is anyone checking for whole words using Keyword Checking? If so, the .pdf or .pdf attached solution does not appear to be working.
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 10:08:51 AM
|
|
|
coolfactor
Posts: 29
Joined: 15.Jun.2007
Status: offline
|
quote:
ORIGINAL: jviox22
Is anyone checking for whole words using Keyword Checking? If so, the .pdf or .pdf attached solution does not appear to be working.
The "Match whole words only" checkbox only applies to the General keywords, not the Subject keywords. Make sure your "pdf attached" entry is in the Subject list.
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 11:00:39 AM
|
|
|
chrisa
Posts: 23
Joined: 14.Aug.2005
Status: offline
|
Hi,
Normally such spam mails are caught by the DNSBlacklist module in GFI MailEssentials. We also suggest to enable the Zombie Check which is the bottom option in the DNSBlacklist Properties window.
Let us know how it goes.
_____________________________
Kind regards,
Christopher Attard
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 11:15:37 AM
|
|
|
studio_two
Posts: 69
Joined: 10.Aug.2003
Status: offline
|
quote:
ORIGINAL: jlostanau
I just filter all the subjects that contain the pdf word
Thanks, I'm going to give that a try.
I can see that this might trap legitimate messages created directly within Acrobat, but I reckon the majority of those will be sent by addresses already on our white list.
Stephen
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 1:32:03 PM
|
|
|
dwarren
Posts: 68
Joined: 16.Feb.2006
Status: offline
|
I am also receiving a bunch of pdf spam that has made it thru our filters. I will say that GFI is catching some using the Dynamic IP check, but some is still making it thru.
David
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 1:39:17 PM
|
|
|
coolfactor
Posts: 29
Joined: 15.Jun.2007
Status: offline
|
GFI is working on a solution apparently. There isn't an official solution for the new PDF spam problem yet because it's very new and will take time to create an effective solution.
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 2:28:42 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
I am using a rule set in MailSecurity that is catching them all (and a lot of them....) saved my day and until MailEssentials has the required capability.
GFI: as a suggestion why don't you build the same rule capability in ME to handle specific cases like this new one while customers wait while GFI develops the filtering technique? We know we as spam recipients are always running behind savvy spammers, we are REACTIVE force by nature.
I know you guys are probably pushing the sale for MSecurity ('well.... has comprehensive rule engine...' but it would help those that don't have the AVirus needs or MS program
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 3:16:33 PM
|
|
|
fnbaiss
Posts: 127
Joined: 19.Sep.2003
From: USA
Status: offline
|
Marcelo-CCC, are you using an attachment rule in MailSecurity?
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 4:51:35 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
No Attahment Rule, that would stop valid emails.
I use a simple Content Filter rule with .pdf as the phrase on the subject line (no quotes needed)
Works like a charm, 200 and counting...
Marcelo (CCC is my company)
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 5:19:40 PM
|
|
|
fnbaiss
Posts: 127
Joined: 19.Sep.2003
From: USA
Status: offline
|
What's your action for that rule?
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 5:41:28 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
Marcelo, Doesn't that also catch any legitimate email that has .pdf in the subject line? (this could be the case if someone uses the right-click>Send to Mail Recipient method of sending an attachment.)
A user called me and asked if there was a way I could create a rule that states: "If the body of an email is blank, and there is a .PDF attachment - Do X"
GFI, is there a way such a granular rule can be created by users?
Thanks, Matthew
|
|
|
|
|
RE: PDF Spam - 9.Jul.2007 5:56:43 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
fnbaiss: I quarantine only, then created a Search Folder for that rule and set it to autopurge in 4 days (long weekend)
huffinagle: yes, it would catch some legit emails sent from the application (Adobe) for example, but the false positive rate is extremely low in my case and since I keep them in Quar for a while I can check and forward.
Also a rule that checks for blank body would stop some legits, most applications when using the Send option only add text to the subject but nothing to the body.
THIS IS TEMPORARY guys, just til GFI catches up!
< Message edited by Marcelo-CCC -- 9.Jul.2007 5:59:37 PM >
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
