Re: Office phish

2021-06-30 Thread Henrik K
On Wed, Jun 30, 2021 at 05:41:56PM -0400, Alex wrote:
> 
> I modified the ExtractText plugin to also process HTML files
> 
> extracttext_external htmlcat /usr/bin/cat {}
> extracttext_use htmlcat   .htm .html
> 

Quite horrible hack, as the result should be _rendered_ text.  Inserting raw
HTML for all body rules is probably breaking more things than fixing.

But yeah a "mimebody" ruletype would probably be useful..
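
The rendered-text output described above could come from a small external tool used in place of `/usr/bin/cat`. This is an added example, not part of the original thread and not SpamAssassin code; the script, its `render` function and the sample HTML are hypothetical and constructed for illustration.

```python
#!/usr/bin/env python3
import re
import sys
from html.parser import HTMLParser

HIDDEN = {"script", "style", "title", "template"}  # content never displayed
BLOCK = {"p", "div", "br", "tr", "li", "form", "h1", "h2", "h3", "table"}  # line breaks

# Constructed sample, not taken from the pastebin in the thread.
SAMPLE = """<html><head><title>t</title><style>p{color:red}</style>
<script>var u = "https://example.invalid/post";</script></head>
<body><h1>Sign&nbsp;in</h1><form><p>to continue to <b>Mail</b></p>
<input type="hidden" name="k"><input type="password" placeholder="Password"></form></body></html>"""

class TextRenderer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.hidden_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in HIDDEN:
            self.hidden_depth += 1
        elif tag in BLOCK:
            self.parts.append("\n")
        elif tag == "input" and not self.hidden_depth:
            a = dict(attrs)  # placeholders are visible on a login form
            if a.get("type") != "hidden" and a.get("placeholder"):
                self.parts.append("\n" + a["placeholder"] + "\n")

    def handle_endtag(self, tag):
        if tag in HIDDEN and self.hidden_depth:
            self.hidden_depth -= 1
        elif tag in BLOCK:
            self.parts.append("\n")

    def handle_data(self, data):
        if not self.hidden_depth:
            self.parts.append(data)

def render(html):
    parser = TextRenderer()
    parser.feed(html)
    parser.close()
    # Collapse whitespace on each line and drop lines that end up empty.
    lines = (re.sub(r"\s+", " ", ln).strip() for ln in "".join(parser.parts).split("\n"))
    return "\n".join(ln for ln in lines if ln)

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        print(render(fh.read()))
```

The script takes the file name as its only argument and writes to stdout, which is the shape an `extracttext_external` command with `{}` expects. Script content is dropped by design, so matching the JavaScript itself still needs a different mechanism.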



Re: Office phish

2021-06-30 Thread Alex
Hi,

> SpamAssassin has plugins for PhishTank and OpenPhish. I would suggest
> you submit the link to them.
> You can also reach out to the domain provider, hosting provider(s) and
> other companies involved.

> > https://pastebin.com/JMSrY6KU

We've got to do better than that. These O365 phishing attacks are
significant and severe and constant.

I modified the ExtractText plugin to also process HTML files

extracttext_external htmlcat /usr/bin/cat {}
extracttext_use htmlcat   .htm .html

then created the following rule to look for 

Re: Office phish

2021-06-30 Thread Bert Van de Poel
SpamAssassin has plugins for PhishTank and OpenPhish. I would suggest 
you submit the link to them.
You can also reach out to the domain provider, hosting provider(s) and 
other companies involved.



On 30/06/2021 21:51, Alex wrote:

> Hi,
> Would anyone like to help me block this office phish? It includes an
> HTML file that presents an O365 login page:
>
> https://pastebin.com/JMSrY6KU
>
> More JavaScript in an HTML file.





Office phish

2021-06-30 Thread Alex
Hi,
Would anyone like to help me block this office phish? It includes an
HTML file that presents an O365 login page:

https://pastebin.com/JMSrY6KU

More JavaScript in an HTML file.