European hackers
THUNDERBIRD: I've been getting hacker/phishing e-mails on one of my accounts. These are usually but not always from different EU countries. I have message filters that gets most but not all of them. The hacker e-mails are full of random /ab/cd/... hex characters. I think they're trying to use some sort of buffer overflow exploit. I don't think you have it. They also send short message with "click here to unsubscribe" and not much else. (Naturally, I don't "click here".)
I have two questions: 1) It's not clear on the message filters whether I should delete them before or after the junk filter. Either way some of them seem to sneak through to the trash folder. What's the recommended setting so that the filter action takes place? (Filter action == delete) 2) I tried adding a check in the message body for /ad/ or something else. With the body containing all sorts of /hex-pair/ random stuff, the check was pretty sure to hit. The delete action never seemed to work. (Sometimes clicking on the inbox then back to the trash folder gets rid of them. Sometimes not.) These apparent attempt to exploit buffer overflow messages do not contain normal written text.
Maybe you could help me find some other way of auto-deleting this junk. It comes in with all sorts of random subject titles that I can tell are this spam, but would be hard to auto-detect without a sophisticated AI.
Променено на
Избрано решение
Attempting to fight spam messages with static filters is futile. Better use the built-in junk mail controls. https://support.mozilla.org/kb/thunderbird-and-junk-spam-messages
Email messages are plain text, there is no binary content in an email message. Hence there is no way causing a buffer overflow from just opening an email message.
Прочетете този отговор в контекста 👍 1Всички отговори (2)
Избрано решение
Attempting to fight spam messages with static filters is futile. Better use the built-in junk mail controls. https://support.mozilla.org/kb/thunderbird-and-junk-spam-messages
Email messages are plain text, there is no binary content in an email message. Hence there is no way causing a buffer overflow from just opening an email message.
The message that contained large meaningless text looked like they might have been a buffer overflow attack. I'm pretty confident that Thunderbird isn't vulnerable to that, but other mail readers exist. I haven't been been using the junk filter approach but will start doing that immediately. You're right, static filters are futile.
Thanks for your advice. It's helpful and spot on.