[Mimedefang] mailsploit prevention in MD
Kevin A. McGrail
KMcGrail at PCCC.com
Wed Dec 6 06:33:12 EST 2017
On 12/5/2017 7:37 PM, Jan-Pieter Cornet wrote:
> Another bug with its own logo and website has appeared:
> www.mailsploit.com.
In the same vein and somewhat off-topic from an MD solution, here's a
solution via Apache SpamAssassin that I'm soliciting feedback regarding
on the SA users mailing list.
I've added these rules to KAM.cf and would appreciate feedback.
#MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea
#NUL
header __KAM_MAILSPLOIT1 From =~ /[\0]/
describe __KAM_MAILSPLOIT1 RFC2047 Exploit https://www.mailsploit.com/index
#\n Multiple in the From Header
header __KAM_MAILSPLOIT2 From =~ /[\n]/
describe __KAM_MAILSPLOIT2 RFC2047 Exploit https://www.mailsploit.com/index
tflags __KAM_MAILSPLOIT2 multiple maxhits=2
meta KAM_MAILSPLOIT (__KAM_MAILSPLOIT1 || (__KAM_MAILSPLOIT2 >= 2))
describe KAM_MAILSPLOIT Mail triggers known exploits per mailsploit.com
score KAM_MAILSPLOIT 10.0
Regards,
KAM
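
Added example, not part of the original post and not KAM.cf or MIMEDefang code: a standalone Python check that decodes the RFC 2047 encoded-words in a From value and applies the same NUL test and the same newline threshold (>= 2) as the KAM_MAILSPLOIT meta rule above. The decoder (Python's email.header), the function names and the sample values are assumptions made for illustration; how SpamAssassin itself decodes the header is not modelled.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header

NUL_RE = re.compile(r"\0")  # same character as __KAM_MAILSPLOIT1
NL_RE = re.compile(r"\n")   # same character as __KAM_MAILSPLOIT2


def decode_from(raw_value):
    """Decode RFC 2047 encoded-words in a From header value to text."""
    try:
        chunks = decode_header(raw_value)
    except HeaderParseError:
        return raw_value  # undecodable base64: fall back to the raw text
    out = []
    for data, charset in chunks:
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                data = data.decode("latin-1")
        out.append(data)
    return "".join(out)


def check_from(raw_value, newline_threshold=2):
    """Return (nul_hits, newline_hits, flagged) for one From header value."""
    text = decode_from(raw_value)
    nul_hits = len(NUL_RE.findall(text))
    nl_hits = len(NL_RE.findall(text))
    # Mirrors the meta rule: any NUL, or at least two newlines.
    flagged = nul_hits > 0 or nl_hits >= newline_threshold
    return nul_hits, nl_hits, flagged


# Constructed sample values (reserved example domains), not captured mail.
SAMPLES = {
    "clean": "Alice Example <alice@example.org>",
    "nul_q": "=?utf-8?Q?alice=40example.org=00?= <sender@example.net>",
    "nul_b64": "=?utf-8?b?YQBi?= <sender@example.net>",
    "two_newlines": "=?utf-8?Q?alice=40example.org=0A=0A?= <sender@example.net>",
    "one_newline": "=?utf-8?Q?alice=0A?= <sender@example.net>",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:13} {check_from(value)}")
```

The raw sample values contain only printable ASCII, so the control characters become visible only after decoding, which is why the check runs on the decoded text.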