Phishing Translators please?

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Oct 12 10:27:13 IST 2004


<x-flowed>
Julian

I very rarely see any of these getting through....here my list of extra
rules I run..

70_sare_adult.cf                99_sare_fraud_post25x.cf
70_sare_bayes_poison_nxm.cf
70_sare_genlsubj.cf             antidrug.cf
70_sare_header.cf               backhair.cf
70_sare_header0.cf              bogus-virus-warnings.cf
70_sare_html.cf                 chickenpox.cf
70_sare_oem.cf                  drugads.cf
70_sare_random.cf               evilnumbers.cf
70_sare_ratware.cf              local.cf
70_sare_specific.cf             nazi.cf
70_sare_spoof.cf                random.cf
70_sare_unsub.cf                random.current.cf
70_sare_uri.cf                  spamcop_uri.cf
71_sare_redirect_pre3.0.0.cf
72_sare_bml_post25x.cf          ssl_local.cf
99_FVGT_Tripwire.cf             tripwire.cf

running on SA 2.64 with bayes, SpamcopXBL, surbl and pyzor 'extras'

my ssl_local.cf needs cleaning up as it's duplicating some of the newer
SARE rules, so it's prob double scoring on some of the bayes poison, Mr
Wiggly etc rules.

Any increase since you upgraded to 3.0???

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Julian Field wrote:
> Morning folks,
>
> I have written a Phishing fraud detector. It's not 100% perfect, but it
> should detect most of them. We are finding here that the SURBL phishing
> lists are far from complete, and we regularly get these coming through to
> our end-users.
>
> For those of you who don't know what phishing is....
>
> You get an email claiming to be from your bank / credit card company /
> utility company / whatever. It looks like a perfectly genuine email, it has
> their artwork, disclaimers, everything. There is some text in the message
> inviting you to click on a link in the message. The link looks quite
> normal, e.g. http://www.citibank.com/ or just www.citibank.com. They
> usually look like they want you to confirm security information, or
> re-register your account. But when you click on the link it doesn't take
> you to the bank's real website, it takes you to a plausible-sounding one
> that looks just like your bank's real website, but isn't. You type in
> confidential information of some sort, and the bad guys just managed to
> steal your information. Now they can steal your money and/or identity.
>
> MailScanner detects these and inserts some text into the message to
> highlight the possible fraud, and where it is coming from in reality.
> Please could all you translators out there please translate the following
> text into the language(s) of your choice? Please don't contribute
> translations you aren't 100% sure about, I have no way of telling whose
> translation into Spanish is the best, so probably best to post your
> translations to the list so we can agree on the best ones.
>
> # Used in Phishing Fraud attack detections. The "End" must close all the
> # HTML highlighting done in the "Start".
> PossibleFraudStart = <font color="red"><b>MailScanner has detected a
> possible fraud attempt from
> PossibleFraudEnd = </b></font>
>
> Thanks all!
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list