RE: PDF Spam
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: PDF Spam - 9.Jul.2007 5:58:40 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
Great information. Thanks, -Matthew
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 12:52:21 PM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
We are seeing this junk too. Looking forward to a solution.
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 12:59:31 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
From MailSecurity:
1) Creating a content checking rule for ".PDF" in the subject line,
2) Creating a a "search folder" for ".PDF in Subject Line"
At leasts stops all of these at the MSec server. It's a very effective work around.
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 1:37:54 PM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
This doesn't seem to be working for me. After some testing, it will catch emails with just ".pdf" in the subject, but if it's "filexyz.pdf" it allows it through. Is this because I've got the "match whole words only" checkbox selected?
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 1:40:48 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
Yes, if you uncheck, "Match whole words only" for the .PDF content checking rule you created, it will catch any text in the subject line that includes the '.PDF' string.
I've been running this for one day and haven't caught any false positives yet (but it's bound to happen, that's why this is just a temporary work-around until GFI finds a cure).
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 1:56:14 PM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
So, I guess my question is how do I keep the individual words in the phrases I've entered into my keyword checker from triggering the filter? As an example, I have the phrase "if you received this in error" listed as a trigger for the filter. If I untick this box, isn't every email with the word "if" in the subject line now going to get caught by the keyword checker?
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 1:58:48 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
quote:
ORIGINAL: huffinagle
Yes, if you uncheck, "Match whole words only" for the .PDF content checking rule you created, it will catch any text in the subject line that includes the '.PDF' string.
I've been running this for one day and haven't caught any false positives yet (but it's bound to happen, that's why this is just a temporary work-around until GFI finds a cure).
Had this solution running for 3 days, caught hundreds, no false positives yipee!
Created a rule in my Outlookto delete any MSec Quarantine Alert for this rule to avoid nuisance alerts.
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 2:06:17 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
I'm configuring this in MailSECURITY and not MailEssentials. The Content Checking Rules are in MailSecurity. There you can also set the option for "whole word" checking.
It can be a little confusing since the two apps are very similar, but with the MailSecurity filtering, I don't have to use my MailEssentials Key Word Checker (otherwise, I'd have the same problem with individual words, and that would NOT be good)
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 2:13:27 PM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
Ahh, ok sorry. I don't have MailSecurity, so I guess we're up the creek until a true fix is introduced.
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 2:14:18 PM
|
|
|
huffinagle
Posts: 33
Joined: 31.Mar.2005
From: McMinnville, OR, USA
Status: offline
|
quote:
ORIGINAL: pmcneill
Ahh, ok sorry. I don't have MailSecurity, so I guess we're up the creek until a true fix is introduced.
Ugh, that's a bummer.... :-(
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 4:48:40 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
quote:
ORIGINAL: Marcelo-CCC
I am using a rule set in MailSecurity that is catching them all (and a lot of them....) saved my day and until MailEssentials has the required capability.
GFI: as a suggestion why don't you build the same rule capability in ME to handle specific cases like this new one while customers wait while GFI develops the filtering technique? We know we as spam recipients are always running behind savvy spammers, we are REACTIVE force by nature.
I know you guys are probably pushing the sale for MSecurity ('well.... has comprehensive rule engine...' but it would help those that don't have the AVirus needs or MS program
pcmcneill
I knew it was going to an issue... I repeat myself :-) maybe GFI reads it and add the feature to ME
|
|
|
|
|
RE: PDF Spam - 10.Jul.2007 6:37:31 PM
|
|
|
coolfactor
Posts: 29
Joined: 15.Jun.2007
Status: offline
|
This PDF spam is coming in by the boatload the past couple of days. We've been effectively stopping with the ".pdf" filter described in this thread.
We've heard some have had success stopping this spam with the SFP validation filter, but we've disabled that for now.
I can't wait for GFI to come up with a brilliant solution to the problem. Just putting more weight behind the need!
|
|
|
|
|
RE: PDF Spam - 11.Jul.2007 2:55:26 AM
|
|
|
forumsgo
Posts: 45
Joined: 23.Feb.2006
Status: offline
|
I added a keyword in subject checking as .pdf
What do I do if somebody sends legit email with .pdf in subject line?
|
|
|
|
|
RE: PDF Spam - 11.Jul.2007 8:31:58 AM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
quote:
ORIGINAL: forumsgo
I added a keyword in subject checking as .pdf
What do I do if somebody sends legit email with .pdf in subject line?
if you added the Keyword to Mail Essentials and your valid customer's email address or domain is in the Whitelist AND the Whitelist is above in priority to the Keyword/Header Checking then you will be fine, otherwise the valid email will be processed with whatever 'Action' you have set.
I have not had yet a false positive, meaning a valid email with .pdf in the subject line, but it is possible !
If you have MailSecurity I recommend using the technique described above using the Content Filtering, works marvels (... until GFI solves the real problem).
|
|
|
|
|
RE: PDF Spam - 11.Jul.2007 1:43:31 PM
|
|
|
dwarren
Posts: 68
Joined: 16.Feb.2006
Status: offline
|
quote:
if you added the Keyword to Mail Essentials and your valid customer's email address or domain is in the Whitelist AND the Whitelist is above in priority to the Keyword/Header Checking then you will be fine, otherwise the valid email will be processed with whatever 'Action' you have set.
I have not had yet a false positive, meaning a valid email with .pdf in the subject line, but it is possible !
If you have MailSecurity I recommend using the technique described above using the Content Filtering, works marvels (... until GFI solves the real problem).
Not necessarily. You could still potentially have false positives. For example, alot of my users receive email but hardly send any out, meaning those addresses are not auto-whitelisted... and i'll be the first to say they aren't the quickest ones to get me their list of companies to whitelist manually.
I also meant to say that they suggested using MailSecurity to block these, which block emails before it checks the whitelist.
< Message edited by dwarren -- 11.Jul.2007 1:46:49 PM >
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
