On 12/17/24 8:47 PM, Alex wrote:
Hi,

It's been a while since I've seen a password-protected zip or PDF, but I got one today that wasn't tagged and was hoping someone might have some ideas.

https://pastebin.com/msPCQHyD

I've created some basic body and attachment rules, but would be interested in hearing thoughts (either directly or using the above to improve your own rules) from others about how to block them. At the least, it should have been identified by clamav.

That email hits SEM_FRESH and GMD_PDF_ENCRYPTED (this needs Mail::SpamAssassin::Plugin::PDFInfo); it seems a good start for a meta rule.

Giovanni
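
Added example, not part of the original thread: one way the suggested meta rule could look in a SpamAssassin `local.cf`. The rule name `LOCAL_FRESH_ENC_PDF`, its description and its score are assumptions; only the two sub-rule names and the plugin name come from the message above.

```conf
# Added example; rule name, description and score are assumptions.
# GMD_PDF_ENCRYPTED depends on the PDFInfo plugin being loaded.
loadplugin Mail::SpamAssassin::Plugin::PDFInfo

# Both sub-rules must already be defined in the active rule set;
# a meta rule that references an undefined rule never fires.
meta     LOCAL_FRESH_ENC_PDF  (SEM_FRESH && GMD_PDF_ENCRYPTED)
describe LOCAL_FRESH_ENC_PDF  Encrypted PDF attachment together with a SEM_FRESH hit
score    LOCAL_FRESH_ENC_PDF  3.0
```

Run `spamassassin --lint` after adding it to confirm that both sub-rules resolve, and tune the score against your own ham before relying on it to block.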