Extension I'm working on
Ken A
ka at pacific.net
Thu Oct 5 15:20:12 UTC 2006
Sounds interesting. How do you generate the DNS zone? Why not make it an
SA plugin, similar to the 'urirhssub' tests, so it could take advantage
of scoring system and wider testing?
Ken A.
Pacific.Net
Matt Hampton wrote:
> I was bored last night so I have started writing an extension to
> MailScanner which sits alongside the content rules.
>
> Basically it reads the message, identifies any URL's (actually I'm
> hacking the Phishing code to store the URLs for me to save parsing the
> message twice) and the it looks up the full URL in a DNS lookup, if that
> returns NXDOMAIN then it looks up the host part.
>
> It does this via and md5 of the URL so that it is anonymous.
>
> A successful DNS lookup will return a TXT record of the format:
>
> "Adult/Image_Galleries/Fetishes"
>
> The data is based on the DMOZ classification.
>
> This could then be used as the basis of a Block list:
>
> "Adult/Image_Galleries/Midgets" Allow # That has to be worth a look ;-)
> "Adult" Block
>
> I currently only have the "Adult" branch of the data in a DNS zone -
> this has 46,000 entries and is running at 3.2Mb. The full zone file is
> 0.5 Gb.
>
> Is this worth continuing with? Can anyone see a use for this?
>
> matt
More information about the MailScanner-Beta
mailing list