Re: QR code phish?
Hi Alex, we are definitely seeing them. There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code. LMK if you need more info.

On 2/1/2024 4:06 PM, Alex wrote:
> Hi,
> I'm just wondering if there is any mechanism for detecting and blocking QR code emails? Would that require using image detection? Perhaps instead it's a database of known malicious QR codes? Has anyone even really seen any?

--
Kevin A. McGrail
kmcgr...@apache.org
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
QR code phish?
Hi, I'm just wondering if there is any mechanism for detecting and blocking QR code emails? Would that require using image detection? Perhaps instead it's a database of known malicious QR codes? Has anyone even really seen any?
mimeheader multiple?
SA 3.4.6. Is there any way to create a rule that hits emails with duplicate filename attachments?

MAIN HEADER DECLARATION:
Content-Type: multipart/mixed; boundary="=-6aIz+S039AYG/4raFdExeg=="

BODY PART MIME HEADERS:
--=-6aIz+S039AYG/4raFdExeg==
Content-Type: application/octet-stream; name=1341251248.pdf
Content-Disposition: attachment; filename=1341251248.pdf
Content-Transfer-Encoding: base64

--=-6aIz+S039AYG/4raFdExeg==
Content-Type: application/octet-stream; name=1341251248.pdf
Content-Disposition: attachment; filename=1341251248.pdf
Content-Transfer-Encoding: base64

I can hit on the Content-Disposition header regex fine, but tflags/multiple doesn't seem to work here. I'm not sure if this is a problem (1) with the Mimeheader plugin, (2) working as designed, (3) or a fault in my system. Any suggestions?

Thanks,
--
Jared Hall
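Outside SpamAssassin, the condition asked about above (two MIME parts carrying the same attachment filename) can be checked with Python's standard email parser. This is an added example, not part of the original post and not a SpamAssassin rule; the helper names, the placeholder base64 body and the case-insensitive filename comparison are assumptions.

```python
from collections import Counter
from email import message_from_bytes, policy

BOUNDARY = "=-6aIz+S039AYG/4raFdExeg=="  # boundary string quoted in the post


def _part(filename):
    # One body part with the MIME headers shown in the post.
    # The base64 body is a constructed placeholder ("%PDF-1.4\n").
    return (
        f"--{BOUNDARY}\r\n"
        f"Content-Type: application/octet-stream; name={filename}\r\n"
        f"Content-Disposition: attachment; filename={filename}\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\n"
        "JVBERi0xLjQK\r\n"
    )


def build_sample(filenames):
    # Constructed test message: the post's structure plus a closing boundary.
    head = (
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/mixed; boundary="{BOUNDARY}"\r\n\r\n'
    )
    body = "".join(_part(name) for name in filenames)
    return (head + body + f"--{BOUNDARY}--\r\n").encode("ascii")


def duplicate_attachment_filenames(raw):
    """Return {filename: count} for filenames used by more than one part."""
    msg = message_from_bytes(raw, policy=policy.default)
    seen = Counter()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no attachment of their own
        # get_filename() reads Content-Disposition's filename= and falls
        # back to Content-Type's name= when the former is absent.
        name = part.get_filename()
        if name:
            # Assumption: compare case-insensitively, ignoring outer spaces.
            seen[name.strip().casefold()] += 1
    return {name: count for name, count in seen.items() if count > 1}


if __name__ == "__main__":
    sample = build_sample(["1341251248.pdf", "1341251248.pdf"])
    for name, count in duplicate_attachment_filenames(sample).items():
        print(f"duplicate attachment filename: {name} (x{count})")
```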