On 4/11/2023 6:06 AM, Florian Lohoff via MIMEDefang wrote:
From my quick analysis javascript in mails is pretty rare and in 99% of the cases spam/ad stuff. I right now have a simple custom rule in spamassassin scoring the above very high as spam and rejecting it. But for my taste thats tooo simple. I'd rather walk through all individual MIME parts.
From my experience, there is a lot of javascript in emails from a lot of name brands. However, MIMEDefang's origins are based on exactly this type of concept when DFS invented it.
There are a LOT of obuscation techniques but there are also real (but very stupid) banks that do things like email html files for instructions to their clients and things.
Do you have a sample of the file with the bad HTML and I can see if there are SA rules that hit it too?
Regards, KAM _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. MIMEDefang mailing list [email protected] https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org
