You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2017/12/14 07:46:11 UTC
[Bug 7521] New: Add rule for Mailsploit
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521
Bug ID: 7521
Summary: Add rule for Mailsploit
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: giovanni@paclan.it
Target Milestone: Undefined
Created attachment 5497
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5497&action=edit
Mailsploit rule
In KAM.cf Kevin has added a rule to detect Mailsploit and users start asking
for that rule, what about adding to the default rules with a lower score ?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7521] Add rule for Mailsploit
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521
Henrik Krohns <ap...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache@hege.li
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Henrik Krohns <ap...@hege.li> ---
Closing stale bug. If it's still relevant, feel free to work on it..
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7521] Add rule for Mailsploit
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@apache.org
--- Comment #1 from Kevin A. McGrail <km...@apache.org> ---
Yes, I'll get the version with more control chars committed to my sandbox.
However, I don't predict it will get autopromoted because of no hits in the
real world. Give me a few days.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7521] Add rule for Mailsploit
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521
--- Comment #2 from Kevin A. McGrail <km...@apache.org> ---
New Version for feedback. I've expanding the control char check.
#MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea
#All Control chars like NUL except \n which should exist once legitimately
header __KAM_MAILSPLOIT1 From =~ /[\x00-\x09\x0b-\x1f]/
describe __KAM_MAILSPLOIT1 RFC2047 Exploit https://www.mailsploit.com/index
#\n Multiple in the From Header
header __KAM_MAILSPLOIT2 From =~ /[\n]/
describe __KAM_MAILSPLOIT2 RFC2047 Exploit https://www.mailsploit.com/index
tflags __KAM_MAILSPLOIT2 multiple maxhits=2
meta KAM_MAILSPLOIT (__KAM_MAILSPLOIT1 || (__KAM_MAILSPLOIT2 >= 2))
describe KAM_MAILSPLOIT Mail triggers known exploits per mailsploit.com
score KAM_MAILSPLOIT 10.0
--
You are receiving this mail because:
You are the assignee for the bug.