On 12/18/24 1:09 PM, Kirill A. Korinsky wrote:
> On Wed, 18 Dec 2024 11:01:06 +0100, giova...@paclan.it wrote:
>> On 12/17/24 8:47 PM, Alex wrote:
>>> Hi,
>>>
>>> It's been a while since I've seen a password-protected zip or PDF, but I got one today that wasn't tagged and was hoping someone might have some ideas.
>>>
>>> https://pastebin.com/msPCQHyD
>>>
>>> I've created some basic body and attachment rules, but would be interested in hearing thoughts (either directly or using the above to improve your own rules) from others about how to block them. At the least, it should have been identified by clamav.
>>
>> That email hits SEM_FRESH and GMD_PDF_ENCRYPTED (this needs Mail::SpamAssassin::Plugin::PDFInfo), it seems a good start for a meta rule.
>>
>> Giovanni
>
> But SEM_FRESH is commented in the sources...

It has hit SEM_FRESH30 on the user's server (see mail headers).

Giovanni