Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread John Hardin
On Mon, 3 Oct 2016, Axb wrote: On 10/03/2016 09:03 PM, John Hardin wrote: On Mon, 3 Oct 2016, Axb wrote: > On 10/03/2016 07:46 PM, Alex wrote: > > Hi, > > > > These are a real concern. If you receive any kind of real mail > > volume, > > you're receiving these too, and they're not

Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread Axb
On 10/03/2016 09:03 PM, John Hardin wrote: On Mon, 3 Oct 2016, Axb wrote: On 10/03/2016 07:46 PM, Alex wrote: Hi, These are a real concern. If you receive any kind of real mail volume, you're receiving these too, and they're not always being caught by RBLs or virus scanners. Or even our w

Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread Dianne Skoll
On Mon, 3 Oct 2016 12:02:15 -0700 (PDT) John Hardin wrote: > We need a PDF plugin that will extract text and URLs from PDF > attachments so that they can be scanned as if they were body text. We've written something for extracting URLs. I can't release the code, unfortunately, but you can look

Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread John Hardin
On Mon, 3 Oct 2016, Axb wrote: On 10/03/2016 07:46 PM, Alex wrote: Hi, These are a real concern. If you receive any kind of real mail volume, you're receiving these too, and they're not always being caught by RBLs or virus scanners. Or even our well-trained bayes. http://pastebin.com/YhL

Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread John Hardin
On Mon, 3 Oct 2016, Alex wrote: Hi, These are a real concern. If you receive any kind of real mail volume, you're receiving these too, and they're not always being caught by RBLs or virus scanners. Or even our well-trained bayes. http://pastebin.com/YhLBqpKm I used to have some rules that wou

Re: Persistent phishing attacks with word/pdf macros

2016-10-03 Thread Axb
On 10/03/2016 07:46 PM, Alex wrote: Hi, These are a real concern. If you receive any kind of real mail volume, you're receiving these too, and they're not always being caught by RBLs or virus scanners. Or even our well-trained bayes. http://pastebin.com/YhLBqpKm I used to have some rules that

Persistent phishing attacks with word/pdf macros

2016-10-03 Thread Alex
Hi, These are a real concern. If you receive any kind of real mail volume, you're receiving these too, and they're not always being caught by RBLs or virus scanners. Or even our well-trained bayes. http://pastebin.com/YhLBqpKm I used to have some rules that would reliably block them, but they're

take a look @ 2 great plugins

2016-10-03 Thread Nicola Piazzi
http://saplugin.16mb.com/ And tell me how it works Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna - Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it

R: a .cf to prevent abuse of popular names

2016-10-03 Thread Nicola Piazzi
adsp_override dhl.com penalizes when someone spoofs the address, for example sending email with @dhl.com without DKIM, but it doesn't catch when someone uses a DHL description in From, as in this example: From: DHL Service d...@infectedpc.com Nicola Piazzi CED - Sistemi COMET s.p.a.

Re: a .cf to prevent abuse of popular names

2016-10-03 Thread Paul Stead
On 03/10/16 10:14, Nicola Piazzi wrote:
# DHL
header __AF_DHL_FROM From =~ /([^a-zA-Z0-9]|^)dhl([^a-zA-Z0-9]|\b)/i
header __AF_DHL_DOMAIN From =~ /\@dhl.com(>|\b)/i
meta AF_VALID_DHL (SPF_PASS || MXPF_PASS || DKIM_VALID_AU) && __AF_DHL_DOMAIN
describe AF_VALID_DHL

a .cf to prevent abuse of popular names

2016-10-03 Thread Nicola Piazzi
What do you think about an antiabuse.popular.domains.cf that contains a lot of paragraphs like this?
# DHL
header __AF_DHL_FROM From =~ /([^a-zA-Z0-9]|^)dhl([^a-zA-Z0-9]|\b)/i
header __AF_DHL_DOMAIN From =~ /\@dhl.com(>|\b)/i
meta AF_VALID_DHL (SPF_PASS || MXPF_PASS || DK