Re: Dealing with links to malicious documents

2018-03-14 Thread Markus Clardy
I had created a plugin to read the headers (just make a HEAD request) of all URIs in an email, and then you can make tests based off them. An example of this would be to look for specific mimetypes at the end of the link, so for example, see if the mimetype is Application/msword. You can find it

Re: Dealing with links to malicious documents

2018-03-13 Thread John Hardin
On Tue, 13 Mar 2018, Bill Cole wrote: On 13 Mar 2018, at 14:21 (-0400), John Hardin wrote: d) Don't accept emails from outside your organization that link to hosted documents. The document needs to be attached, so that it can be scanned. Unfortunately this is not feasible if you're not a (at

Re: Dealing with links to malicious documents

2018-03-13 Thread Bill Cole
On 13 Mar 2018, at 14:21 (-0400), John Hardin wrote: d) Don't accept emails from outside your organization that link to hosted documents. The document needs to be attached, so that it can be scanned. Unfortunately this is not feasible if you're not a (at least semi-)monolithic organization

Re: Dealing with links to malicious documents

2018-03-13 Thread Rupert Gallagher
Hardin has it right, especially for invoices. "The document needs to be attached, so that it can be scanned."

Re: Dealing with links to malicious documents

2018-03-13 Thread Pedro David Marco
> a) Link following
> Whether it is only for url shorteners or for all links, simulating a click could give us info on what will happen, but has implications when the website interprets that like a click from the user and updates their database in some way such as unsubscribing a user.

Re: Dealing with links to malicious documents

2018-03-13 Thread Leandro
2018-03-13 15:13 GMT-03:00 Olivier Coutu:
> In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting malware. This malware often comes in the form of docs with

Re: Dealing with links to malicious documents

2018-03-13 Thread John Hardin
On Tue, 13 Mar 2018, Alex wrote: Hi, On Tue, Mar 13, 2018 at 2:21 PM, John Hardin wrote: On Tue, 13 Mar 2018, Olivier Coutu wrote: In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected

Re: Dealing with links to malicious documents

2018-03-13 Thread Axb
On 03/13/2018 07:13 PM, Olivier Coutu wrote: In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting malware. This malware often comes in the form of docs with macros e.g.

Re: Dealing with links to malicious documents

2018-03-13 Thread Alex
Hi,
On Tue, Mar 13, 2018 at 2:21 PM, John Hardin wrote:
> On Tue, 13 Mar 2018, Olivier Coutu wrote:
>
>> In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting

Re: Dealing with links to malicious documents

2018-03-13 Thread John Hardin
On Tue, 13 Mar 2018, Olivier Coutu wrote: In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting malware. This malware often comes in the form of docs with macros e.g.

Dealing with links to malicious documents

2018-03-13 Thread Olivier Coutu
In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting malware. This malware often comes in the form of docs with macros e.g. https://pastebin.com/VHz41RUL In a lot of cases, neither the