|
|
|
|
|
|
|
|
description = "Encrypted archive in a message"; |
|
|
description = "Encrypted archive in a message"; |
|
|
one_shot = true; |
|
|
one_shot = true; |
|
|
} |
|
|
} |
|
|
|
|
|
"MIME_OBFUSCATED_ARCHIVE" { |
|
|
|
|
|
weight = 8.0; |
|
|
|
|
|
description = "Archive has files with clear obfuscation signs"; |
|
|
|
|
|
one_shot = true; |
|
|
|
|
|
} |
|
|
"MIME_EXE_IN_GEN_SPLIT_RAR" { |
|
|
"MIME_EXE_IN_GEN_SPLIT_RAR" { |
|
|
weight = 5.0; |
|
|
weight = 5.0; |
|
|
description = "EXE file in RAR archive with generic split extension (e.g. .001)"; |
|
|
description = "EXE file in RAR archive with generic split extension (e.g. .001)"; |