Image-only adult themed spam

Posted on May 13, 2009
Filed Under MDaemon | 1 Comment

Lately there is a new batch of spam going out that tends to use adult themed subjects, but has no content in the body aside from a single image.

It has been reported that this SpamAssassin rule helps:

header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
meta MIME_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __ANY_IMAGE_ATTACH && !__ANY_TEXT_ATTACH)
score MIME_IMAGE_ONLY 2.00
describe MIME_IMAGE_ONLY Image body part but no text body parts

To use it, copy these five lines into the bottom of your \MDaemon\SpamAssassin\rules\local.cf file, then either restart MDaemon or create a mdspamd.sem file in the \MDaemon\App\ directory.

You may want to tweak the “Score”, but start with 2.0 as this rule hasn’t been aggressively tested so there is a higher risk of false positives then with the default SpamAssassin rules.

Lastly, it’s also worth mentioning that Outbreak Protection (part of SecurityPlus 4 and higher) is flagging these messages as spam.

UPDATE 2009/05/19: The above rule only works in MDaemon 10 and higher, for earlier versions, you’ll need one more line:

mimeheader __ANY_IMAGE_ATTACH Content-Type =~ /image\/(?:gif|jpeg|png)/
(Thanks goes to “Greg Vancardo” for tracking this one down)

Comments

• Article Categories

  • General
  • LDaemon
  • MDaemon
  • MDaemon Plugins
  • Outlook Connector
  • Security Plus
  • SyncML
  • WebAdmin
  • Worldclient

• Links

  • Alt-N Knowledge Base
  • Alt-N Technologies
  • MDaemon Homepage

• Most Visited Posts

  • MultiPOP and Gmail
  • MDaemon's eventlog codes
  • Exporting Worldclient contacts the easy way
  • iPhone/iPod Touch SyncML clients
  • Changing the iPhone IMAP "Sent" folder name

• Search Articles
• Search for:

• Say thanks!

  Has information on this blog helped you? If so, say thanks with PayPal!