4.35.9: phishing fraud syslogs
Jeff A. Earickson
jaearick at COLBY.EDU
Tue Nov 2 14:23:08 GMT 2004
Julian,
Also, please remove the word "attack" from this line when you
tweak it, eg:
Found phishing fraud in iA25FnB7002189 from http://(etc)
My syslog summarizer (logcheck,
http://www.smittyware.com/contrib/psionic.php/) generates lots
of compliants when it sees the word "attack" in the syslog.
Thanks.
Jeff
On Tue, 2 Nov 2004, Jeff A. Earickson wrote:
> Date: Tue, 2 Nov 2004 07:15:34 -0500
> From: Jeff A. Earickson <jaearick at colby.edu>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: 4.35.9: phishing fraud syslogs
>
> Julian,
>
> Please tweak the syslog message for phishing fraud to include
> the message ID, something like:
>
> Found phishing fraud attack in iA25FnB7002189 from http://(etc)
>
> The message ID is always important when grepping the syslog.
> Thanks.
>
> Jeff Earickson
> Colby College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list