From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 84B0D1FF15C for ; Wed, 27 Nov 2024 01:41:17 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B0BA4D8DE; Wed, 27 Nov 2024 01:41:16 +0100 (CET) To: "=?utf-8?B?UHJveG1veCBWRSBkZXZlbG9wbWVudCBkaXNjdXNzaW9u?=" Date: Wed, 27 Nov 2024 08:40:41 +0800 References: In-Reply-To: MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: James Brown via pve-devel Precedence: list Cc: =?utf-8?B?SmFtZXMgQnJvd24=?= X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config Content-Type: multipart/mixed; boundary="===============6726009661698858586==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" This is a multi-part message in MIME format. --===============6726009661698858586== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with UTF8SMTPS id BB64CCA933 for ; Wed, 27 Nov 2024 01:41:15 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with UTF8SMTP id 948C4D507 for ; Wed, 27 Nov 2024 01:40:45 +0100 (CET) Received: from out162-62-57-49.mail.qq.com (out162-62-57-49.mail.qq.com [162.62.57.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with UTF8SMTPS for ; Wed, 27 Nov 2024 01:40:43 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1732668041; bh=9OQbr3RXtFU+8Mea8HBY+Jm98TKU+128wM2ftw8jmtI=; h=From:To:Subject:Date:References:In-Reply-To; b=rzeYKtnOFemwvmKhpbfeuZ/6PafmtZrdu9m15WCT28oljw9qEJiJqVkjcGWi/IxJZ cWF0DaUT7Uz6pMzn2vc+NnpYafQVbmH6E8z6WuHm1VPs6S88fSS/bOp5axj4/ytC1q cm/Omo0Bj9fC/9dyGl9ybfiosqicaOMUzBV9CZ1o= X-QQ-XMRINFO: MPJ6Tf5t3I/ycC2BItcBVIA= X-QQ-XMAILINFO: NUqkJ6yBjP1Rv1AHjown/ybbdH1j8kxIkR3b8GOPvTTKzrxM0Y5g2Jo1oqCCbm qmDp4sQTJL/onsUbiWKR7g4DZqEQ/l7aa6dVWtwJZLV6OeFx7a79Xpm1BQpt/KGaCv544KjUHWcTz T/eJoXPF13tTaBL+6Nb/5ZAELxFpfYJKybHKF6EXIqgBcd+nQCKxJ+fANll3OGTZg1Ns/2zA12FtW 9Vsq+w28dMdpKo/NIulZJeGrYE9BL1GRSecgIBXhK3E+tGUi9bIKZbNqE+0N/EwV9J2gPLi8Q9lFK uuLMY3a3za2ISkWtE19i7BYBdpStRXn4fNQ6+538srtyI5CfdPKkwabo3nULpgS+lxnYhMmM+jtjv pb0/K2hVwE01+CP5gyd5++miO2b5QGCuZ9SzzroFahqXVtNS/wm3UPiG6zFgrhxP9F414UJlKyAYx rvz/mqMZciDrl33/h4NDHuG1u0Gh8Dj13WxDCIEcEsqT0XL3L4yfmdB48lu4XIfrulQDWsaBr+GTX u69xXjS/L/p30fH7hyNLeVc8p2XHBpA77sxSgo3wdmiz+i2TkC8Sm+K8yk3v6YG3Zhhb3cNquOKDm 0uHRFZCFu5LKn5ByYQomC08guDWexW6bsLtU+Re+ey0nP+w+haK2L2dZnjuC9KLlgObeHLQd2PLfo +m7RwOEdZOfHARDacQDdlpVP9exUni0r3V/ps+Lapkoha7OY/WpX1krWTqatBU190P6r4MV/zeU6b OGAVuf2IMvOyrdA8hoGirAXsmn6fPJzYpXqZcu7BO1K2ie9cF6YkugpRVoYqdZIE6+bu9Pub7Th/M 8q4IuO9D1XQbk5I0t161Cvc2KpBf6BwNAsJXvzIcBHbNbWxqqosddouKqWjEkkDDupEt96CduG3Ar 1OARfz00l7Wh54sxt2OJLy8SicB+S0zN/kUBxjRt4YPBgsyLnPrQfqSwtk+/e9RCgZLTGjVLnjZ74 n3V/v0r52UMgYdZkr1b01QTaOA3sR+9nLdlSpM1PUc4zxKFtthDIRe6JYWPzHWWNJmCHBDIF9qKzg rEKniAJbUi4N4ixk= From: "=?utf-8?B?SmFtZXMgQnJvd24=?=" To: "=?utf-8?B?UHJveG1veCBWRSBkZXZlbG9wbWVudCBkaXNjdXNzaW9u?=" Subject: Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config Mime-Version: 1.0 Date: Wed, 27 Nov 2024 08:40:41 +0800 X-Priority: 3 Message-ID: X-QQ-MIME: TCMime 1.0 by Tencent X-Mailer: QQMail 2.x X-QQ-Mailer: QQMail 2.x References: In-Reply-To: X-QQ-mid: xmappua3-0t1732668041thn720lk3 X-SPAM-LEVEL: Spam detection results: 2 AWL 0.600 Adjusted score from AWL reputation of From: address BAYES_05 -0.5 Bayes spam probability is 1 to 5% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider FROM_EXCESS_BASE64 0.001 From: base64 encoded unnecessarily HELO_DYNAMIC_IPADDR 1.951 Relay HELO'd using suspicious hostname (IP addr 1) HTML_MESSAGE 0.001 HTML included in message POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RDNS_DYNAMIC 0.982 Delivered to internal network by host with dynamic-looking rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com,foxmail.com] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 VGhpcyBpcyBub3QgYSBzcGFtLg0KDQoNCg0KLS0tT3JpZ2luYWwtLS0NCkZyb206ICJKYW1l cyBCcm93biB2aWEgcHZlLWRldmVsIjxwdmUtZGV2ZWxAbGlzdHMucHJveG1veC5jb20mZ3Q7 DQpEYXRlOiBXZWQsIE5vdiAyNywgMjAyNCAwODozMSBBTQ0KVG86ICJGYWJpbyBGYW50b25p IHZpYSBwdmUtZGV2ZWwiPHB2ZS1kZXZlbEBsaXN0cy5wcm94bW94LmNvbSZndDs7DQpDYzog IkphbWVzIEJyb3duIjxyYW5kb212b2lkbWFpbEBmb3htYWlsLmNvbSZndDs7DQpTdWJqZWN0 OiBbcHZlLWRldmVsXSBTUEFNOiBbU2VjdXJpdHldIEFyYml0cmFyeSBmaWxlIHJlYWRpbmcg dmlhIG1hbGljaW91c1ZNIGNvbmZpZw0KDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fDQpwdmUtZGV2ZWwgbWFpbGluZyBsaXN0DQpwdmUtZGV2 ZWxAbGlzdHMucHJveG1veC5jb20NCmh0dHBzOi8vbGlzdHMucHJveG1veC5jb20vY2dpLWJp bi9tYWlsbWFuL2xpc3RpbmZvL3B2ZS1kZXZlbA== --===============6726009661698858586== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============6726009661698858586==--