This is a discussion on Re: Scanning without attachments - SpamAssassin ; Henrik K wrote: > On Wed, Mar 12, 2008 at 09:48:37AM -0400, Randy Ramsdell wrote: > >> Drew Burchett wrote: >> >>> I've noticed a new trend in spam on my mail server that is getting by >>> SpamAssassin. The ...
Henrik K wrote:
> On Wed, Mar 12, 2008 at 09:48:37AM -0400, Randy Ramsdell wrote:
>> Drew Burchett wrote:
>>> I've noticed a new trend in spam on my mail server that is getting by
>>> SpamAssassin. The spammer is creating his message and then attach a
>>> couple of garbage PDFs to the email. These PDFs make it too large for
>>> SpamAssassin to scan the message, so it gets by the system. I have
>>> tried turning up the size so SpamAssassin will scan it, but it takes WAY
>>> too long to scan a message. Does anyone have any suggestions on how I
>>> could catch/scan these messages without putting too much of a load on
>>> Drew Burchett
>>> United Systems & Software
>>> Ph: (270)527-3293
>>> Fax: (270)527-3132
>> And it works too. I suppose more spammers don't use this technique more
>> often and so far, I have not found a nice way to deal with it.
> Probably ClamAV is the way to go for big messages. Try Sanesecurity
> signatures if you don't already.
You can use spamassassin and clamav with or without Amavis, but to check
the message, you must make a system wide change that will affect every
message. Bypassing file size limits with any of those setups might not
be an ideal solution. After a brief read on Sanesecurity signatures, it
appears that the size limits will still come into the equation and
again, a system wide setting change is required.