Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. commits
svn commit: r1891460 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
jhardin at apache
Jul 11, 2021, 2:28 PM
Post #1 of 1 (25 views)
Permalink
Author: jhardin
Date: Sun Jul 11 21:28:27 2021
New Revision: 1891460

URL: http://svn.apache.org/viewvc?rev=1891460&view=rev
Log:
Add mime type subrules that may help detect Zloader

Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1891460&r1=1891459&r2=1891460&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Jul 11 21:28:27 2021
@@ -140,6 +140,13 @@ ifplugin Mail::SpamAssassin::Plugin::MIM
describe PHISH_ATTACH Attachment filename suspicious, probable phishing
tflags PHISH_ATTACH publish

+ mimeheader __TEXT_XML_MT Content-Type =~ m,\btext/xml\b,i
+
+ mimeheader __MSO_THEME_MT Content-Type =~ m,\bapplication/vnd.ms-officetheme\b,i
+ mimeheader __X_MSO_MT Content-Type =~ m,\bapplication/x-mso\b,i
+ meta __ATTACH_MSO_MHTML __TEXT_XML_MT && __MSO_THEME_MT && __X_MSO_MT
+
+
else
meta __HTML_ATTACH_01 0
meta __HTML_ATTACH_02 0

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal