Re: another malware MIME header trick that works with at least one email client

2012-07-26 Thread Benny Pedersen
On 2012-07-26 02:34, Chip M. wrote:
> Full sample (with mildly/obviously redacted email addresses): http://puffin.net/software/spam/samples/0012_malware_zip_fake.txt

in opendkim.conf ADSPAction reject if linkedin do their homework :=)

Re: another malware MIME header trick that works with at least one email client

2012-07-25 Thread John Hardin
On Wed, 25 Jul 2012, Chip M. wrote:
> Note that none of these is hitting test "T_HTML_ATTACH".

I will fix that so it does not depend on the filename being in the Content-Type header.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11

Re: another malware MIME header trick that works with at least one email client

2012-07-25 Thread John Hardin
On Wed, 25 Jul 2012, Chip M. wrote: There's yet another variant in the ongoing campaign of HTML file attachments with javascript malware payloads. :( The trick is that it sets the Content-Type to "application/zip", and uses an ".htm" file extension, for example (actual spam): Content-Ty

another malware MIME header trick that works with at least one email client

2012-07-25 Thread Chip M.
There's yet another variant in the ongoing campaign of HTML file attachments with javascript malware payloads. :( The trick is that it sets the Content-Type to "application/zip", and uses an ".htm" file extension, for example (actual spam): Content-Type: application/zip Content-Tr
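An added example, not code from the thread or from SpamAssassin: a Python check for the mismatch described in the original post (a part declared as "application/zip" whose filename ends in ".htm"), reading the filename from either Content-Disposition or Content-Type, the dependency John Hardin's reply says the rule should not have. The sample message, its addresses and its file names are constructed for illustration.

```python
import os
from email import message_from_bytes, policy

# Extensions a mail client or browser will open as a web page.
HTML_EXTS = {".htm", ".html", ".xhtml", ".shtml"}
HTML_TYPES = {"text/html", "application/xhtml+xml"}

def html_attachment_mismatches(raw):
    """Return (filename, declared_type) for every part whose filename looks
    like HTML while its Content-Type claims something else."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" first and falls
        # back to Content-Type "name", so either placement is covered.
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.strip().lower())[1]
        ctype = part.get_content_type()
        if ext in HTML_EXTS and ctype not in HTML_TYPES:
            hits.append((name, ctype))
    return hits

# Constructed sample (not the message from the thread): the filename appears
# only in Content-Disposition, and a genuine .zip part sits next to it.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Invoice.htm"

(constructed placeholder body)
--b1
Content-Type: application/zip; name="data.zip"

(constructed placeholder body)
--b1--
"""
```

Calling `html_attachment_mismatches(SAMPLE)` reports only the `Invoice.htm` part; the part named `data.zip` and the plain-text body are not flagged.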