I have a few PDFs getting through now after doing pretty well; the
latest 0.4 pdfinfo + sa 3.1.7 + sare rules + sa-update is not scoring
enough on these:

http://esmtp.webtent.net/mail1.txt
http://esmtp.webtent.net/mail2.txt

Do I need to tweak my rule scores to catch these, or is someone else able
to block these otherwise? All of these seem to hit the same two rules.
Would it be OK to test for only those two rules and block or raise their
score, or would that hit too much ham?

0.6 GMD_PDF_ENCRYPTED BODY: Attached PDF is encrypted
1.0 TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint

--
Robert