Enable scanning of application/hta per default #89
Assignees
Comments
Clevero
changed the title
|
We will get around to this, stay tuned ;-) |
|
With the new generic ruleset you can create an expression to test .hta files |
|
For example: This will enforce Cuckoo analysis for Feel free to reopen |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Malware in the form of a .hta file are not covered by default
Expected Behavior
Files with the mime type of application/hta are scanned per default
Context (Environment)
Discovered some older mails before peekaboo was in production and tested those against peekaboo and they were not filtered because text/html was on the whitelist of mime types
Detailed Description
Example files:
https://sandbox.pikker.ee/analysis/1151123/summary/
https://www.virustotal.com/gui/file/f5d7c7b182b6db23f2bba773d39ba78730fc5ad8171e3dc06e8d02ea885ff1f9/details
I can also provide the original .hta files if needed
The text was updated successfully, but these errors were encountered: