Joe, you might look at enabling the OLEVBMacro plugin and adding the KAM Ruleset, https://mcgrail.com/template/kam.cf_channel, which has rules to help combat these type of spam emails. Regards, KAMKevin, I hesitate to ask here, but, you refer to SA I believe? I've been lurking there regarding the KAM discussion.
Hi Joe, yep, I am referring to a plugin and ruleset for Apache
SpamAssassin, apologies for my lack of clarity. Though we are
working on using our honeypot data to generate a clamav
signature file for malicious content. We've also been working
on tooling to automate it. I thought it was on https://github.com/The-McGrail-Foundation
but perhaps someone made it private by accident but I'll get it
added under mcgrail.com soon. Contact me off-list if you might
be interested in testing/developing!
Regards,
KAM