Meanwhile, there is RTF spam that's circulating which is currently bypassing the sanesecurity sigs. I've just submitted a sample to Steve, but the db hasn't yet been updated. Here's a sample:
http://pastebin.com/ALsSAmwa

The pattern to temporarily stop them involves a meta with __DOC_ATTACH_MT and some body rules. Other ideas welcome.

On Wed, Jun 8, 2016 at 5:08 PM, Paul Stead <paul.st...@zeninternet.co.uk> wrote:
>
>
> On 08/06/16 21:39, Paul Stead wrote:
> >
> > BlockAnyAndAllJS:*:*:\.[Jj][Ss]$:*:*:*:*:*:*
> >
> Should point out that this may be prone to false positives. The Sane sigs
> are scored low, med, high FP risk and can be installed as such.
> --
> Paul Stead
> Systems Engineer
> Zen Internet
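
The container-metadata signature quoted above, evaluated against a constructed archive listing to show the false-positive exposure mentioned in the reply. This is an added example, not part of the thread; the field names follow ClamAV's `.cdb` layout, and using Python's `re` in place of ClamAV's regex engine is an assumption that holds for this simple pattern.

```python
import re
from typing import NamedTuple

# Field order of a ClamAV container-metadata (.cdb) signature line.
CDB_FIELDS = ("name", "container_type", "container_size", "filename_regex",
              "size_in_container", "size_real", "is_encrypted", "file_pos",
              "res1", "res2")

# The signature as quoted in the thread.
SIG = r"BlockAnyAndAllJS:*:*:\.[Jj][Ss]$:*:*:*:*:*:*"

class CdbSig(NamedTuple):
    name: str
    filename_regex: re.Pattern
    wildcard_fields: tuple  # constraint fields left as "*"

def parse_cdb(line: str) -> CdbSig:
    """Split a .cdb line into its fields (10 required, up to 2 optional FL fields)."""
    parts = line.strip().split(":")
    if not 10 <= len(parts) <= 12:
        raise ValueError(f"expected 10-12 fields, got {len(parts)}")
    fields = dict(zip(CDB_FIELDS, parts))
    wild = tuple(k for k, v in fields.items()
                 if v == "*" and k not in ("name", "filename_regex"))
    return CdbSig(fields["name"], re.compile(fields["filename_regex"]), wild)

def flagged(sig: CdbSig, members: list) -> list:
    """Return the archive member names the signature's filename regex hits."""
    return [m for m in members if sig.filename_regex.search(m)]

# Constructed sample: member names from hypothetical mail attachments.
SAMPLE_MEMBERS = [
    "invoice_0608.js",          # the kind of dropper the rule targets
    "static/js/jquery.min.js",  # legitimate web project sent as a zip
    "theme/assets/app.JS",      # legitimate, upper-case extension
    "package.json",             # not matched: extension is .json
    "notes.js.txt",             # not matched: .js is not at the end
    "README.md",
]

if __name__ == "__main__":
    sig = parse_cdb(SIG)
    # Every size/type/encryption field is "*", so the filename alone decides.
    print(sig.name, "unconstrained fields:", len(sig.wildcard_fields))
    for hit in flagged(sig, SAMPLE_MEMBERS):
        print("would block:", hit)
```

Because every field other than the filename is a wildcard, any archive that carries a `.js` member is blocked, including ordinary web-development bundles.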