Ty can you throw me a sample? I also think I am blocking it with me and will post on that list about it once i analyze it a bit. Regards, KAM
On November 8, 2017 7:45:28 AM PST, Dianne Skoll <d...@roaringpenguin.com> wrote: >Hi, > >Heads-up: We're seeing weird new malware with a subject that looks like > > Invoice XXXnnnn > >where XXX is two or three random upper-case letters and nnnnn is a >series >of digits. What's weird is that the Content-Type: header looks like >this: > >Content-Type: multXXXart/mixed > >where the XXX is the same as in the subect. That is, a message >with subject "Invoice UUI8187685" has Content-Type "multUUIart/mixed". >This >is fooling our MIME parser because it doesn't see the container as a >multipart. Does any client software? > >Anyway, might want to make rules for this. > >Regards, > >Dianne.