On Mon, 24 Jul 2017 18:00:33 -0400 Alex wrote: > This one's probably already on some blacklists, but I'm still > blocking others: > > https://pastebin.com/p7EnFNf7
It seems to be common for this kind virus spam to pass itself off as an invoice. You might try creating a rule that checks for this kind of language and meta it with KAM_LAZY_DOMAIN_SECURITY.
