New attachment type?
Shawn Iverson
shawniverson at summitgrid.com
Mon Oct 10 09:39:49 UTC 2022
I've seen a few of this kind. You can use MailScanner to look for an
attachment simply named "open$" in this case, or try looking for a
generic pattern such as [a-z0-9]+[^\.] (I haven't tried a negative
regex in MailScanner, so not sure offhand if that will work).
In SA you can also use mimeheader to do a similar check. I do know you
can use a negative there.
On 10/10/22 04:16, mailscanner at barendse.to wrote:
> Hello list
>
> Just received a new virus mail where the body of the text is asking to
> "update" IMAP address blabla
>
> There is a 159 byte attachment with the email named "open" without any
> extension at the end. Outlook does seem to recognize it as there it
> places an icon before the attachment (windows logo at the top with a
> rectangle at the bottom).
>
> Is anyone else seeing this, how can I stop it or how can I block
> attachments without extension?
>
> Thanks!!
> Remco
>
>
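An added example, not part of the original thread or of MailScanner or SpamAssassin: it parses a constructed message like the one described (a 159-byte attachment named "open" plus a normal PDF) and shows which attachment names the generic pattern from the reply and an anchored "no dot anywhere" pattern each hit. The sample message, the addresses, the function names and the assumption that the filter does an unanchored, case-insensitive regex search on the filename are all illustrative.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Anchored: the whole name must contain no dot at all (no extension).
NO_EXTENSION = re.compile(r"^[^.]+$")
# The generic pattern from the reply, used unanchored (assumed semantics).
GENERIC = re.compile(r"[a-z0-9]+[^\.]", re.IGNORECASE)


def build_sample() -> bytes:
    """Constructed sample: one extensionless attachment, one normal one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Update your IMAP settings"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"x" * 159, maintype="application",
                       subtype="octet-stream", filename="open")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


def attachment_names(raw: bytes) -> list[str]:
    """Return the filename of every MIME part that declares one."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def flagged(raw: bytes, pattern: re.Pattern) -> list[str]:
    """Attachment names that an unanchored search with `pattern` hits."""
    return [n for n in attachment_names(raw) if pattern.search(n)]


if __name__ == "__main__":
    raw = build_sample()
    print("anchored:", flagged(raw, NO_EXTENSION))
    print("generic :", flagged(raw, GENERIC))
```

Under that unanchored-search assumption, the generic pattern hits both names, while the anchored one hits only the extensionless attachment.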