On Fri, 2007-07-13 at 12:28 -0400, Robert Fitzpatrick wrote:
> Just verified a couple of PDF attachments getting through with our
> PDFInfo rules. Can someone test these to see if my PDF rules are working
> or if you're able to block? I believe the rules are working as the
> latter message is hitting one, just not enough to block. I tried my
> access to the PDFInfo link sent to me by the webmaster to see if there
> was an update, but it is not working now


Running pdfinfo 0.3, I see the first one being analyzed, but not stopped
by the pdfinfo rule:
[22374] dbg: pdfinfo: Filename=Unpaid-ysqupuubxeq.pdf Title=untitled
Author=unknown Producer=unknown Created=0 Modified=0
[22374] dbg: pdfinfo: MD5 results for Unpaid-ysqupuubxeq.pdf -
md5=F923904B32BA5534E77C65A2651661D4
fuzzy1=0C751FC7A604AB836B4A10B63BB1449D
fuzzy2=1AF87ABAF88F3C2A80577BE2E3A5886E
[22374] dbg: pdfinfo: Found a PDF file - Unpaid-ysqupuubxeq.pdf
....
X-Spam-Status: No, score=3.4 required=5.0 tests=BOTNET_CLIENT,
BOTNET_IPINHOSTNAME,BOTNET_OTHER,DKIM_POLICY_SIGNSOME,RELAY_US,
TVD_SPACE_RATIO autolearn=disabled version=3.2.1

Botnet probably would have killed this off on my system, but since my
botnet is tied to p0f and I don't have any fingerprint data it won't hit
those rules...

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
