2.1.1.2 | Bad Entry Responder - Unisave/mailBus GitHub Wiki

Functions

• Post process triggered only when a suspicious or invalid element is detected in the trojans input stream data during the data gathering is in transaction from the recipient mail interface.
• Can be triggered during any 3 possible scenarios (currently configured):
  • Invalid element or possible scripting detected in mail token
  • Invalid syntax or possible scripting detected in IP
  • Invalid syntax or possible scripting detected in recorded date/time combo
• On activation, logging of all possible information is re performed, collected and routed to a isolated sanitisation script
• The sanitisation script then isolated any possible vulnerable elements from data using multiple custom filters and functions programmed into its suite.
• The sanitised information is then sent to a blackbox script which updates the information into the db and blacklists all information related to the mail (like user/tokens/ip address) until post mortem of information

Language: python

Location: BackEnds/entryFilters/suspiciousEntry.py