Blocking malicious click invoice e-mails
  •  
techjohnny

Here's a sample for a malicious click e-mail:

From: Pam Rasner [mailto:igalvan<_at_>disariel.mx]
Sent: Monday, December 18, 2017 6:38 PM
To: jearl<_at_>ourdomain.com
Subject: Awaiting for your confirmation

Hello James Earl,


Please find attached copies of invoices as requested which I trust clarifies some of the costs as claimed.

https://badlink



This correspondence and any files transmitted with it are confidential and intended solely for the use of the intended recipient(s) to whom it is addressed.



Thanks

Pam Rasner


---

Is it common for the Kerio Spam Filter not to pick up all spam e-mails that have malicious links to malware?

I don't have the full headers at the moment, but they were very short.

[Updated on: Tue, 19 December 2017 22:29]

  •  
bm

This email looks solid. No suspicious content, no keywords, nothing, but it is still unwanted. Kerio doesn't have link processing, so I don't see any other solution for auto-blocking than making a custom antispam rule and blocking:

- the sender domain in the header (or the whole *.mx domain)
- the part of the malware link URL in the body

[Updated on: Wed, 20 December 2017 07:35]

  •  
freakinvibe

Kerio Connect has link checking in its SpamAssassin engine.

It checks links in emails against the following domain blacklists:

Spamhaus DBL
SURBL
URIBL

This is also visible in the email headers with entries like:

URIBL_BLACK: 1.7,URIBL_DBL_SPAM: 2.5,URIBL_JP_SURBL: 1.25

If you get hold of the headers of such a mail, please post them here.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
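Added example, not part of the thread and not Kerio's code: a header triage sketch in Python that reads the `NAME: score` list in the format quoted above, reports which `URIBL_*` rules fired, and compares that with the links actually present in the body. The header name `X-Spam-Status`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

RULE_RE = re.compile(r"([A-Z0-9_]+):\s*(-?\d+(?:\.\d+)?)")   # "NAME: score" pairs
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def uribl_hits(raw, header="X-Spam-Status"):
    """Return {rule: score} for URIBL_* rules listed in the scoring header."""
    msg = message_from_string(raw)
    value = " ".join(msg.get_all(header, []))   # folded continuation lines are included
    return {n: float(s) for n, s in RULE_RE.findall(value) if n.startswith("URIBL_")}

def body_link_hosts(raw):
    """Hostnames of http(s) links in text/plain parts (attachments are not opened)."""
    msg = message_from_string(raw)
    text = ""
    for part in msg.walk():
        if not part.is_multipart() and part.get_content_type() == "text/plain":
            text += part.get_payload(decode=True).decode("utf-8", "replace")
    return sorted({urlsplit(u).hostname for u in URL_RE.findall(text)} - {None})

def triage(raw):
    hits, hosts = uribl_hits(raw), body_link_hosts(raw)
    if hits:
        verdict = "listed"             # a domain blocklist flagged a body link
    elif hosts:
        verdict = "links-not-listed"   # links present, but no blocklist rule fired
    else:
        verdict = "no-body-links"      # nothing in the body for URI checks to score
    return verdict, hits, hosts

def sample(tests, body):
    # Constructed message; header name, layout and addresses are assumptions.
    return ("From: sender@example.invalid\nTo: user@example.invalid\n"
            "Subject: Invoice copies\nX-Spam-Status: constructed\n"
            f"\ttests={tests}\n\n{body}\n")

LISTED = sample("URIBL_BLACK: 1.7,URIBL_DBL_SPAM: 2.5,URIBL_JP_SURBL: 1.25",
                "Invoices: https://files.example.invalid/inv")
MISSED = sample("BAYES_50: 0.8,HTML_MESSAGE: 0.001",
                "Invoices: https://files.example.invalid/inv")
PDF_ONLY = sample("BAYES_50: 0.8", "Please see the attached PDF.")

if __name__ == "__main__":
    for name, raw in [("listed", LISTED), ("missed", MISSED), ("pdf-only", PDF_ONLY)]:
        print(name, triage(raw))
```

A `links-not-listed` result means the body contained links but none of the blocklist rules scored them; `no-body-links` means there was nothing in the body for those rules to look at.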
  •  
Bud Durland

We had a few today that I think came from a compromised O365 account. The headers were all legit, using outlook.com, the sender's account, etc. The message was generic "download the invoice here" text. The attachment was a PDF file, and the malicious link was inside the PDF. Got past all our spam/malware filters except the end users, who were all smart enough to be suspicious.
  •  
freakinvibe

Kerio does not check links within PDF files, AFAIK. It only checks links within the email body itself.

In Adobe PDF Reader, you can set whether you want to warn users or even block them from opening Internet links from within a PDF file:

https://helpx.adobe.com/acrobat/using/allow-or-block-links-internet.html


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch