Re: base64 encoded sextorsion

2020-05-07 Thread John Hardin
On Thu, 7 May 2020, RW wrote:

> On Thu, 7 May 2020 11:39:07 -0700 (PDT) John Hardin wrote:
>
> > 100% 4-byte UTF8? That should be trivially easy to detect.
> >
> > Comments solicited.
> >
> >   body __4BYTE_UTF8_WORD /(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/
> >   tflags __4BYTE_UTF8_WORD multiple, maxhits=10

Re: base64 encoded sextorsion

2020-05-07 Thread RW
On Thu, 7 May 2020 11:39:07 -0700 (PDT) John Hardin wrote:

> 100% 4-byte UTF8? That should be trivially easy to detect.
>
> Comments solicited.
>
>   body __4BYTE_UTF8_WORD /(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/
>   tflags __4BYTE_UTF8_WORD multiple, maxhits=10
>   meta SUSP_UTF8_WO

Re: base64 encoded sextorsion

2020-05-07 Thread John Hardin
On Thu, 7 May 2020, Brent Clark wrote:

> Good day Guys
>
> Our good friends are at it again.
>
> https://pastebin.com/raw/vjFcPzLE
>
> I haven't written anything yet. Thought I would share in the mean time.

This is new, too:

[𝙲𝙰𝚂𝙴 𝚂𝙴𝙽𝚂𝙸𝚃𝙸𝚅𝙴 𝚌𝚘𝚙𝚢 & 𝚙𝚊𝚜𝚝𝚎 𝚒𝚝, 𝚊𝚗𝚍 𝚛𝚎𝚖𝚘𝚟𝚎 * 𝚏𝚛𝚘𝚖 𝚒𝚝]

...obfuscating the b

Re: base64 encoded sextorsion

2020-05-07 Thread John Hardin
On Thu, 7 May 2020, Brent Clark wrote:

> Good day Guys
>
> Our good friends are at it again.
>
> https://pastebin.com/raw/vjFcPzLE
>
> I haven't written anything yet. Thought I would share in the mean time.

100% 4-byte UTF8? That should be trivially easy to detect.

Comments solicited.

body __4B

RE: UTF-7 emails

2020-05-07 Thread Rick Cooper
Brent Clark wrote:

> Hi Rick
>
> Will you be willing to share your Exim and SA rules / code?
> So that the community can benefit from your finding and work.
>

Pretty standard exim acl

The DataWhitelisted portion is calculated from several other items so that would be up to you if you even wanted

Re: UTF-7 emails

2020-05-07 Thread Brent Clark
Hi Rick

Will you be willing to share your Exim and SA rules / code?
So that the community can benefit from your finding and work.

Regards
Brent Clark

On 2020/05/05 20:00, Rick Cooper wrote:

> Henrik K wrote:
>
> > On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
> >
> > > We received a couple emai

Re: base64 encoded sextorsion

2020-05-07 Thread Brent Clark
Good day Guys

Our good friends are at it again.

https://pastebin.com/raw/vjFcPzLE

I haven't written anything yet. Thought I would share in the mean time.

Regards
Brent

On 2020/04/22 16:44, Brent Clark wrote:

> I want to add, I tried this as well, and it *did* match. But it feels clunky.
>
> http