English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
PDF attachment with only a phishing link inside
-
hello,
I would like to know if SecurityGateway is able to detect an email containing a PDF attachment with only a phishing link inside the PDF.
Perhaps using a Sieve script?
Thank you for your help,
Jean
-
Can you upload a copy of a message you are trying to detect?
https://mdaemon.sharefile.com/r-rc3922c1eed334d4dbf5e34f0bd04ccd6
-
Hello Arron,
Sorry, I don't have any examples as I've already deleted everything.
-
The next time you receive one, can you upload it to us so we can take a look at it?
-
I'm also seeing a lot of these, I have uploaded an example to your sharefile.
-
@Adam It looks like that MSG file you uploaded was exported from Outlook. Can you go to the MDaemon server and get the MSG file from the user's mailbox and upload it to us so we can see all the header?
-
@Adam Nevermind, I found another way. The first thing I did was submitted it to spamfn@mdaemon.com so that it can be analyzed for Outbreak Protection. Please submit any spam messages that are not flagged as spam by outbreak protection. To submit them you'll need to use the Forward as attachment option.
I also processed the message through SpamAssassin and found a rule that should help catch these messages. To use the rule you'll need to edit your C:\Program Files\MDaemon Technologies\SecurityGateway\SpamAssassin\rules\local.cf file using a text editor such as notepad++. You should not use notepad.exe as it may change the format of the file and SpamAssassin won't be able to read it. Before you edit the file, you should make a backup copy of it, just in case. Add the following below the last line of the file:
score T_FREEMAIL_DOC_PDF 1.0In the example above 1.0 is the score that will be added to messages that match the rule. You can adjust that value however you see fit.
Save the file and then restart SecurityGateway.
-
@Arron thank you, will try out that setting.
