Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the meantime.
Regards
Brent
On 2020/04/22 16:44, Brent Clark wrote:
I want to add, I tried this as well, and it *did* match. But it feels
clunky.
http
Hi Rick
Will you be willing to share your Exim and SA rules / code?
So that the community can benefit from your finding and work.
Regards
Brent Clark
On 2020/05/05 20:00, Rick Cooper wrote:
Henrik K wrote:
On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
We received a couple emai
Brent Clark wrote:
> Hi Rick
>
> Will you be willing to share your Exim and SA rules / code?
> So that the community can benefit from your finding and work.
>
Pretty standard exim acl
The DataWhitelisted portion is calculated from several other items so that
would be up to you if you even wanted
On Thu, 7 May 2020, Brent Clark wrote:
Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the meantime.
100% 4-byte UTF8? That should be trivially easy to detect.
Comments solicited.
body __4B
On Thu, 7 May 2020, Brent Clark wrote:
Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the meantime.
This is new, too:
[π²π°ππ΄ ππ΄π½ππΈππΈπ
π΄ ππππ’ & πππππ ππ, πππ ππππππ * ππππ ππ]
...obfuscating the b
On Thu, 7 May 2020 11:39:07 -0700 (PDT)
John Hardin wrote:
> 100% 4-byte UTF8? That should be trivially easy to detect.
>
> Comments solicited.
>
> body __4BYTE_UTF8_WORD /(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/
> tflags __4BYTE_UTF8_WORD multiple, maxhits=10
> meta SUSP_UTF8_WO
On Thu, 7 May 2020, RW wrote:
On Thu, 7 May 2020 11:39:07 -0700 (PDT)
John Hardin wrote:
100% 4-byte UTF8? That should be trivially easy to detect.
Comments solicited.
body __4BYTE_UTF8_WORD /(?:\xf0\x9d[\x9a-\x9f][\x80-\xff]){3,10}/
tflags __4BYTE_UTF8_WORD multiple, maxhits=10