PDF Spam Agent 1.0 Beta

We just have released the first beta of our new PDF Spam Agent, an External Agent designed specifically to stop the recent PDF spam outbreak. It is a fairly simple program that categorizes the email as PDF spam if all of the conditions below are satisfied:

The email…

  • Size must be less than 200kB
  • Must have exactly one attachment, a PDF file
  • Attachment size must be less than 100kB

The PDF…

  • Must have only one page
  • Must be version 3 (Acrobat 4.x)
  • Must not have an info block
  • Must have only one font embedded
  • Must contain exactly one image

The image…

  • Must have name /Im0 (most PDF generators define /Im1)
  • Must be GIF (kind of… must have one filter called /LZWDecode)

I realize it is far from perfect and can be tricked very easily—this time, the goal was to reliably detect the current outbreak and differentiate it from legitimate PDF attachments, however. As the PDF spam phenomenon evolves, the above rule set will get deprecated and will have to get updates. This is why we decided to release the source code of the agent this time—I know many of the readers can code in C# and your reaction time is probably faster than ours. Feel free to modify the agent and/or move the project to SourceForge.net.

5 thoughts on “PDF Spam Agent 1.0 Beta

  1. Kurt (EC)

    I’ll let you know on Monday what it gives. I suppose amongst the 39 million of spams we’re getting monthly, there’ll be at least a few pdf ones – allthough we can’t really talk about a “pdf wave” so far. They’ve been reported, but it’s not that bad – yet.

  2. Jay Tuley

    Actually because of licensing caveats no one is going to be able to legitimately move this sourceforge. Since you licensed your code to others as GPL, the licensees who try to modify and redistribute, will run into the issue of the Interop.ADODB.dll,Interop.CDO.dll not being under a GPL compatible license or part of the default system installation (which GPL has an exception for in regards to linking) and thus they won’t have a legitimate license to your code to begin with.

    There are a few solutions, however they all require you relicensing your code.

    The simplest solution is that you can relicense your code as LGPL or MPL which would make the license valid linking to both the Interop libraries and iText# (as iText# is GPL,LGPL or MPL), and both MPL and LGPL allow linking to proprietary code like the interop libraries.

    More complicatedly you could keep the license GPL but add custom exceptions for linking to the Interop libraries and iText# specifically. In this case you need the iText# exception as well since while iText# is licensed GPL, it’s GPL without the exceptions you’d be making for the interop libraries and thus you’d need an exception for it so it would fall it’s LGPL or MPL license which would be incompatible with GPL otherwise.

    http://www.gnu.org/licenses/gpl-faq.html#TOCGPLIncompatibleLibs

  3. Peter Post author

    Jay, thanks for pointing out this issue and sorry for the late response. The next version of the agent will be published under MPL.

Leave a Reply

Your email address will not be published. Required fields are marked *

AlphaOmega Captcha Classica  –  Enter Security Code