I have a solution with ClamAV for any image that is "not allowed". I my case i
create a md5sum from images i don't want to receive and but them into hashtable.
This Hashtable place into /var/lib/clamav/NAME.hsb
/var/lib/clamav/NAME.hsb looks like:
129895eb534a7e568b4284b6860fa93c:1245184:BitcoinImage
hash:size:"VIRUS name"
so any new mail with this attachment get treated as virus
if you want to set score to this image you need this:
in /etc/amavis/conf.d/50-user
insert:
@virus_name_to_spam_score_maps =
(new_RE( # the order matters!
[ qr'BitcoinImage.UNOFFICIAL' => 999],
));
service amavis restart
done
Am 10.12.19 um 19:03 schrieb Joseph Brennan:
A user here reported a new twist on the bitcoin ransom mail. New to me,
anyway.
From: Casper Mitten <rwbcaprice...@outlook.com>
Sent: Monday, December 9, 2019 10:00 PM
The Subject was a single word, supposedly a password.
The message was a jpg picture of text.
Although it was in English, many vowels were accented special characters.
The recipient was expected to scan a QR code in the picture to get the
bitcoin string!
I'm sending this purely for information. The user's report (as usual) does
not include headers so I don't know what scored. It must have hit a rule
for a message with no text and an image. There isn't much else there.
--
Philipp Ewald
Administrator
DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Telefon: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail:
philipp.ew...@digionline.de
AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain
Informationen zum Datenschutz: www.digionline.de/ds
