How to block the phishing mails（No malicious characteristics）?

[lloyd]

Hi,
Recently, Some colleagues received phishing mails, the sender is an internal account, the mail include a attachment(word file, not malware). I guess this account have been attacked by hacker...

So, the domains list and antivirus engine can not stop it. I wonder if PMG have resolvent it via some specific rules?
I am not very familiar with the function of PMG, the current filter rules seems can not recognise such a case.
Is there a way to make a rule (for example,match the attachment MD5 signature or match the signature of mail text content)?

Thanks,
Regards.

 

[Stoiko Ivanov]

Is there a way to make a rule (for example,match the attachment MD5 signature or match the signature of mail text content)?

both not out of the box - you can create a custom spamassassin config:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_custom_spamassassin_configuration
to match parts of the body

for md5 signatures of attachments you might look into creating a clamAV signature for that particular file

Please share the logs of and the e-mail itself of this case - maybe there is something else standing out.

 

[lloyd]

both not out of the box - you can create a custom spamassassin config:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_custom_spamassassin_configuration
to match parts of the body

for md5 signatures of attachments you might look into creating a clamAV signature for that particular file

Please share the logs of and the e-mail itself of this case - maybe there is something else standing out.

Got it, thanks your guidance, I'll learn it later.