You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2017/12/14 07:46:11 UTC

[Bug 7521] New: Add rule for Mailsploit

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521

            Bug ID: 7521
           Summary: Add rule for Mailsploit
           Product: Spamassassin
           Version: unspecified
          Hardware: PC
                OS: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: giovanni@paclan.it
  Target Milestone: Undefined

Created attachment 5497
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5497&action=edit
Mailsploit rule

In KAM.cf Kevin has added a rule to detect Mailsploit and users start asking
for that rule, what about adding to the default rules with a lower score ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7521] Add rule for Mailsploit

Posted by bu...@spamassassin.apache.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521

Henrik Krohns <ap...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |apache@hege.li
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Henrik Krohns <ap...@hege.li> ---
Closing stale bug. If it's still relevant, feel free to work on it..

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7521] Add rule for Mailsploit

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521

Kevin A. McGrail <km...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@apache.org

--- Comment #1 from Kevin A. McGrail <km...@apache.org> ---
Yes, I'll get the version with more control chars committed to my sandbox. 
However, I don't predict it will get autopromoted because of no hits in the
real world.  Give me a few days.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 7521] Add rule for Mailsploit

Posted by bu...@bugzilla.spamassassin.org.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7521

--- Comment #2 from Kevin A. McGrail <km...@apache.org> ---
New Version for feedback.  I've expanding the control char check.

#MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea
 #All Control chars like NUL except \n which should exist once legitimately
header   __KAM_MAILSPLOIT1   From =~ /[\x00-\x09\x0b-\x1f]/
describe __KAM_MAILSPLOIT1   RFC2047 Exploit https://www.mailsploit.com/index

 #\n Multiple in the From Header
header   __KAM_MAILSPLOIT2    From =~ /[\n]/
describe __KAM_MAILSPLOIT2    RFC2047 Exploit https://www.mailsploit.com/index
tflags   __KAM_MAILSPLOIT2    multiple maxhits=2

meta            KAM_MAILSPLOIT  (__KAM_MAILSPLOIT1 || (__KAM_MAILSPLOIT2 >= 2))
describe        KAM_MAILSPLOIT  Mail triggers known exploits per mailsploit.com
score           KAM_MAILSPLOIT  10.0

-- 
You are receiving this mail because:
You are the assignee for the bug.