[CentOS] Detecting empty office doc containing virus macro

Fri Oct 30 03:59:30 UTC 2015
Always Learning <centos at u64.u22.net>

On Thu, 2015-10-29 at 20:37 +0000, Ned Slider wrote:

> Combining multiple simple rules in a meta
> rule is also a great way to detect many spams. If you can find 3 or 4
> factors specific to these spams (the more unique the better), combining
> them usually gives excellent results.

Yep. 

In Exim I score 1 for sending IP address having no reverse DNS
 (IP > Name > the same IP address)
I score 1 for HELO/EHLO not resolving to the sending IP address
I score 1 for a non-existent email address

3 = IP blocked for several months ***before*** downloading the email's
body.

2 = Gets connection rejected ***before*** downloading the email's body.

+++

Never accept email from home users' domain names like (here are just a
few)


*airtelbroadband.in
*adsl.alicedsl.de
*dynamic.se.alltele.net
*alshamil.net.ae
*adsl.anteldata.net.uy
*aphie.info
*pools.arcor-ip.net
*static.arcor-ip.net
*as9105.com
*as13285.net
*as43234.net

Don't be an idle victim of mail abuse. Fight back hard.


-- 
Regards,

Paul.
England, EU.      England's place is in the European Union.
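
The scoring described in the message above, sketched in Python as an added example; it is not part of the original post and is not the poster's Exim configuration. The lookup tables, function names and the "continue" action for scores below 2 are assumptions, and "non-existent email address" is taken here to mean an unknown local recipient.

```python
# Constructed lookup tables stand in for live DNS and the local mailbox list
# (assumptions for this example; addresses come from documentation ranges).
PTR = {"192.0.2.10": "mail.example.org", "198.51.100.7": "mx.example.net"}
A = {
    "mail.example.org": {"192.0.2.10"},
    "mx.example.net": {"203.0.113.9"},  # forward lookup does not return the sender
}
MAILBOXES = {"user@example.com"}


def fcrdns_ok(ip):
    """IP > name > the same IP address (forward-confirmed reverse DNS)."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())


def helo_ok(ip, helo):
    """True when the HELO/EHLO name resolves to the sending IP."""
    return ip in A.get(helo.rstrip(".").lower(), set())


def score(ip, helo, rcpt):
    """One point per failed check, as in the post."""
    return (
        (not fcrdns_ok(ip))
        + (not helo_ok(ip, helo))
        + (rcpt.lower() not in MAILBOXES)
    )


def decide(ip, helo, rcpt):
    """Map the score to an action taken before DATA, so no body is downloaded."""
    s = score(ip, helo, rcpt)
    if s >= 3:
        return "block-ip"   # post: IP blocked for several months
    if s == 2:
        return "reject"     # post: connection rejected
    return "continue"       # assumption: the post gives no action for 0 or 1
```

All three inputs are known by the end of RCPT TO, which is why the decision can be made before the message body is transferred.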