Filters for .gif spam?

Kurt Granroth plug-discuss at granroth.org
Wed Nov 22 10:44:35 MST 2006


Darrin Chandler wrote:
> On Tue, Nov 21, 2006 at 10:15:18PM -0700, Kurt Granroth wrote:
>> How are y'all dealing with the massive increase in .gif spam?  Those are
>> the emails that have some random innocuous text and then an attached gif
>> file that contains the actual spam message (usually stock pump-n-dumps).
>>  My spamassassin and bogofilter setup is just not catching those at all.
>>
>> What I'd like to do is create some sort of filter that will capture
>> *all* messages that have a single .gif attachment and put them into a
>> "probably spam" folder.  Unfortunately, I cannot yet figure out how to
>> do this.
>>
>> It looks like SA might not inspect attachments at all so I moved on to
>> procmail.  Procmail, too, seems to have little to no knowledge of
>> attachments.  Maybe Amavis?  Seems weird to use an anti-virus app for
>> spam, though.
>>
>> So what are y'all doing to combat these?
> 
> I've seen a couple of those come through lately, but not too many. Are
> you greylisting?

No, I am not.  I'm too lazy to manage the upkeep of it.  I would always
prefer to do a lot of work up front and nothing afterwards than a steady
bit of little work.  My problem with greylisting is that it doesn't work
for the business notification type emails without some work.

For instance, say I order from XYZ store for the first time and want to
get my receipt emailed to me.  I would have to modify my greylisting
setup to allow that email since there is no way that their automated
system will do the proper reply to get past it.  This would have to be
done for every business that I'm a customer of.  Not a lot of work...
but a little bit for a long time.

Hrm.. y'know, as I wrote that, it occurred to me that all of my business
correspondence like that goes through a particular account so *maybe* I
could set up greylisting on my primary account and not enable it on the
secondary one.  I'll have to think about that.

Kurt
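
The filter asked about in the quoted message (flag mail whose only attachment is a .gif), as an added example that is not part of the original thread. It uses Python's standard email package rather than SpamAssassin or procmail; the function names and the sample messages are constructed for illustration.

```python
import sys
import email
from email import policy
from email.message import EmailMessage


def attachments(msg):
    """Return every non-text leaf part (attached or inline) of a message."""
    return [p for p in msg.walk()
            if not p.is_multipart() and p.get_content_maintype() != "text"]


def is_gif(part):
    """Match on declared MIME type or on file name, since either may be mislabelled."""
    name = (part.get_filename() or "").lower()
    return part.get_content_type() == "image/gif" or name.endswith(".gif")


def single_gif(raw):
    """True when the message has exactly one non-text part and that part is a GIF."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = attachments(msg)
    return len(parts) == 1 and is_gif(parts[0])


def sample(files):
    """Build a constructed test message: filler text plus the listed attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "hello"
    msg.set_content("some random innocuous text\n")
    for maintype, subtype, filename in files:
        # Placeholder bytes; only the MIME structure matters to the filter.
        msg.add_attachment(b"GIF89a\x01\x00\x01\x00", maintype=maintype,
                           subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Read one message on stdin; exit 0 means "single .gif, file as probably spam".
    sys.exit(0 if single_gif(sys.stdin.buffer.read()) else 1)
```

Because the script reports its result through the exit status, a delivery agent that can test a command's exit code (procmail's "? command" condition, for example) can use it to route matching mail to a "probably spam" folder.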


