Hi all, fixed in assp 2.8.2 *SPAM-Eliminator* build 23251:
- In IP-address lists it is now possible to define an ASN (Autonomous System Number) for an IP-address. The IP-address-range for the IP in the ASN is resolved and used instead of the defined IP-address. Even the ASN contains more than this IP-address range, only the range in which the defined IP-address is included is used. GUI explanation: ... It is also possible to let assp lookup the ASN (Autonomous System Number) for an IP-address (NOT the ASN number its self - like ASN:1234). The CIDR of the ASN will be used by assp. To lookup the ASN for an IP-address, write ASN:x.x.x.x or ASN:aaaa:bb::c The ASN:ip-address notation can be also used for IP lists in a group definition. ... added: - ASSP_AFC.pm version 5.48 is now able to detect 'MHT MalDoc' (JPCERT/CC - https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html) attacks. JPCERT/CC currently describs only the (one) case of handcrafted PDF files with MHT content. Simple tests have shown, that it is possible to include MHT's in many file types (for example images as well) and that MS-Office on Windows will open the MHT code, if the file extenson matches an MS-Office file extension - even the magic number of the file is not related to any MS-Office file. ASSP_AFC will detect MHT content in any attachment where such content is unexpected. Until now such files were only detected because of a possible missmatch between the file-magic-number (MIME-Type) and the file extension. Thomas
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
