We've gotten a few phishing messages recently that PhishML has labeled as 100% clean and it looks like a limitation in PhishML. The messages are typical fake invoices but instead of the contents being in the body of the email, the body is empty and the contents are in an attached PDF. I can't find anywhere in the documentation that PhishML does anything with attachments. Since the attachment itself is benign, simply containing instructions and not malware, VirusTotal also says it's clean.
If PhishML was able to read contents of attachments and score those as well, I think it would be helpful. I know that it probably wouldn't be able to read through text stored as images, or complex spreadsheets, so there would probably be caveats if such a feature was implemented. However, something is usually better than nothing, so I thought I would bring it up.
Kirjaudu sisään jättääksesi kommentin.