On 12/5/2017 7:37 PM, Jan-Pieter Cornet wrote:
Another bug with it's own logo and website has appeared:
www.mailsploit.com.
In the same vein and somewhat off-topic from an MD solution, here's a
solution via Apache SpamAssassin that I'm soliciting feedback regarding
on the SA users mailing list.
I've added these rules to KAM.cf and would appreciate feedback.
#MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea
#NUL
header __KAM_MAILSPLOIT1 From =~ /[\0]/
describe __KAM_MAILSPLOIT1 RFC2047 Exploit
https://www.mailsploit.com/index
#\n Multiple inthe From Header
header __KAM_MAILSPLOIT2 From =~ /[\n]/
describe __KAM_MAILSPLOIT2 RFC2047 Exploit
https://www.mailsploit.com/index
tflags __KAM_MAILSPLOIT2 multiple maxhits=2
meta KAM_MAILSPLOIT (__KAM_MAILSPLOIT1 || (__KAM_MAILSPLOIT2
>= 2))
describe KAM_MAILSPLOIT Mail triggers known exploits per
mailsploit.com
score KAM_MAILSPLOIT 10.0
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
