Content-Type custom rule

D

Danúbio Marinho

New Member
Nov 20, 2018
20
2
1
42
Hello,

I identified in a header of a phishing message a image name pattern. Below follow an example:

Content-Type: image/jpeg;
name="1560469802890.jpg"

Are 13 numbers of 0 the 9. Then, i created a custom rule to add a score for theses messages. Bellow has an example:

header JPEG_CT Content-Type =~ /name\=\"\d{13}\.jpg\"/i
score JPEG_CT 5
describe JPEG_CT Blocks phishing messages requesting for ransom

But its not working :(

This rule is correct?
 
Hi,

the rule looks good. Did you restarted the pmg-smtp-filter?:
Code: 
systemctl restart pmg-smtp-filter.service

Greetz
 
The rule is not working. The score doesn't appear in spam info.

I tried to implement using mime header. The new rule is below:

mimeheader JPEG_CT Content-Type =~ /name\=\"\d{13}\.jpg\"/i
describe JPEG_CT Blocks phishing messages requesting for ransom
score JPEG_CT 5.0

But also not working. I'm not sure how it works. The body of suspicious message is an image.

It is necessary enable some plugin for this rule to work?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom