>
> > I don't know how to extract mail addresses of body, using SA. But you can
> > query each mail address at our URIBL, like a hostname but using scape for
> > arroba:
> >
> > ubuntu@matrix:~$ host flinn.flexer\@runtriz.com.uribl.spfbl.net
> > flinn.flexer\@runtriz.com.uribl.spfbl.net has address
Hi,
>> https://pastebin.com/CEuFfb7K
>>
>> Of course these can be reported to wetransfer (although I don't see a
>> direct way in the email itself), but my users are super sensitive to
>> these, and we won't be around long if this continues.
>>
>> Ideas on how to block these are greatly appreciate
Hi,
https://pastebin.com/CEuFfb7K
>>>
>>>
>>> is this pdf sendt to virustotal.com ?
>>>
>>> does it survice clamav testing ?
>>
>>
>> It appears it's not widely recognized by virustotal scanners and not
>> currently identified by clamav. I've reported it to clamav.
>>
>> It's a phish that isn
On 03/17/2018 06:34 PM, Alex wrote:
Hi,
On Sat, Mar 17, 2018 at 12:25 AM, Benny Pedersen wrote:
Alex skrev den 2018-03-17 02:28:
https://pastebin.com/CEuFfb7K
is this pdf sendt to virustotal.com ?
does it survice clamav testing ?
It appears it's not widely recognized by virustotal scann
Hi,
On Sat, Mar 17, 2018 at 12:25 AM, Benny Pedersen wrote:
> Alex skrev den 2018-03-17 02:28:
>
>> https://pastebin.com/CEuFfb7K
>
> is this pdf sendt to virustotal.com ?
>
> does it survice clamav testing ?
It appears it's not widely recognized by virustotal scanners and not
currently identifi
2018-03-16 22:28 GMT-03:00 Alex :
> Hi,
>
> wetransfer.com is being used to send links to PDF phishing documents.
> It's otherwise a trusted service, and there's really nothing in the
> body to indicate it's dangerous or any different than other legitimate
> uses for the same service.
>
> https://
