On Wed, 18 Dec 2024 11:01:06 +0100,
giova...@paclan.it wrote:
> 
> On 12/17/24 8:47 PM, Alex wrote:
> > Hi,
> > 
> > It's been a while since I've seen a password-protected zip or PDF, but I 
> > got one today that wasn't tagged and was hoping someone might have some 
> > ideas.
> > https://pastebin.com/msPCQHyD
> > 
> > I've created some basic body and attachment rules, but would be interested 
> > in hearing thoughts (either directly or using the above to improve your own 
> > rules) from others about how to block them.
> > 
> > At the least, it should have been identified by clamav.
> > 
> That email hits SEM_FRESH and GMD_PDF_ENCRYPTED (this needs 
> Mail::SpamAssassin::Plugin::PDFInfo), it seems a good start for a meta rule.
>  Giovanni

But SEM_FRESH is commented in the sources...

-- 
wbr, Kirill
