AW: Rechnung offline Spam
Holger Gebhard
holger at gebhardweb.de
Fri Jun 13 10:06:06 IST 2014
Hi Johan,
this is my current anti-phishing rule for the telekom spams. If the spammers
change the messages from time to time you must tweak the regex a little bit.
header __PHISHING_TXT_14060401 Subject =~ /RechnungOnline Monat/i
body __PHISHING_TXT_14060402 /(?:als Anlage (?:ist|erhalten
Sie)|diese Nachricht finden Sie) die Rechnung \d+ als
PDF.{1,5}(?:Datei|Anhang)/i
body __PHISHING_TXT_14060403
/rechnung(?:_|-)(?:januar|februar|m.rz|april|mai|juni|juli|august|september|
oktober|november|dezember)((?:_|-)201\d)?(?:_|-)(?:\d|-)+((?:_|-)sign?)?\.zi
p/i
meta TELEKOM_PHISHING_01 (__PHISHING_TXT_14060401 &&
__PHISHING_TXT_14060402 && __PHISHING_TXT_14060403)
score TELEKOM_PHISHING_01 5.0
describe TELEKOM_PHISHING_01 Typical phishing message parts
Best regards
Holger
-----Ursprüngliche Nachricht-----
Von: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] Im Auftrag von Johan
Hendriks
Gesendet: Mittwoch, 11. Juni 2014 15:42
An: MailScanner List (mailscanner at lists.mailscanner.info)
Betreff: Rechnung offline Spam
Hello all.
I am trying to stop some spam but it seems MailScanner just lets them
pass...
It is about mail with the following Subject.
RechnungOnline Monat Juni 2014 (Buchungskonto: 4660367728)
So i made a custum.cf file with the following
header TELECOM_SUBJECT Subject =~ /RechnungOnline/i
score TELECOM_SUBJECT 5.1
describe TELECOM_SUBJECT Telekom spam
Is my rule not ok, and is it looking for a subject ONLY with RechnungOnline
??
Secondly the mail contains a Trojan and that also is getting through?
Could someone please help me.
regards
Johan
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list