Phishing version and mailto: tag

Julian Field mailscanner at ecs.soton.ac.uk
Tue Nov 30 12:22:56 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Interesting one that, I had already put in some code to handle mailto
links. However, I have added some more so that it doesn't bother
checking mailto links at all, as sending an email to one address instead
of another is (a) obvious and (b) relatively harmless.

Leonard Hermens wrote:

> Hello,
>
> I am running MailScanner version 4.35.11 and Message.pm version
> 1.126.2.172
> (2004/11/29) on Red Hat Linux 9, Perl 5.8.0
>
> I am still getting phishing fraud notices when the mailto: doesn't match
> the URL text, for example:
>
> Nov 29 14:24:48 lxclk0100 MailScanner[29724]: Found phishing fraud from
> xxxxx.yyyyy at domain.com claiming to be mailto:xxxxx.yyyyy at domain.com in
> iATMOTr29939
>
> I seem to recall that Message.pm was patched to allow this to pass.
>
> Do I need to run 4.36.1-1 for mailto: to check correctly with the latest
> Message.pm? Or should 4.35.11 be okay? I'm just a bit versioning confused
> right now. :)


--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2, Application/X-ZIP-COMPRESSED  54KB. ]
    [ Unable to print this part. ]




More information about the MailScanner mailing list