Thanks. I've used cdn.discord in the fake delivery rules. From this
thread, I've gone through my corpora for a few years and have 18
spamples from Oct 2019 to-date with the abuse.
So it's rare but I've added a DISCORD rule to KAM.cf but I also checked
my ham corpora and the rules are safe for legit discord messages. It
hits on every one of my spamples.
Anyway, just pushed a pretty big KAM.cf update so please let me know how
it works on your mail.
Regards,
KAM
On 7/26/2021 2:17 PM, Gary Smith wrote:
I received one today as well. First time I have seen this type.
It was a pretty well drawn thread overall, they are stepping it up
________________________________________
From: Alan <spamassassin.tw...@ambitonline.com>
Sent: Monday, July 26, 2021 10:56:29 AM
To: users@spamassassin.apache.org
Subject: Discord used to share malware
Not sure if this is news or not but it's the first time I've seen this.
I got a fake "here's the invoice" message with a link to a Excel Macro
file from
https://cdn.discordapp.com/attachments/{redacted}.xlsm
This thing slipped in with a score of 0.4, KAM_NUMSUBJECT being the only
trigger of significance. Reported the link to Discord.
--
For SpamAsassin Users List
--
Kevin A. McGrail
kmcgr...@apache.org
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
