Phishing fraud question

Julian Field mailscanner at ecs.soton.ac.uk
Thu Oct 14 11:37:24 IST 2004


<x-flowed>
Any idea how it's doing it? My approach doesn't use any virus signatures
and works with any virus scanner. Are you getting any false negatives at all?

At 11:05 14/10/2004, you wrote:
>I'm not sure how it works but all phishing mails we seem to get are
>blocked by clamav 0.80-rc3 and marked as a virus.
>
>Haven't seen a single false positive yet.
>
>Maybe ppl could try clamav 0.80-rc3 to see what their results are?
>
>
>
>On Thu, 14 Oct 2004, Julian Field wrote:
>
>>I want your opinion.
>>
>>When things like scripts and forms are detected in emails, they are just
>>quietly disarmed without any subject line tagging at all.
>>
>>Should I do the same with phishing fraud attempts? The warning in the
>>message will be put in right next to the offending link.
>>
>>It's just that phishing detection does detect quite a few false positives
>>due to the stupidity of a lot of newsletter authors who put "fake" links in
>>their material. I don't want people to become used to seeing "{Dangerous
>>Content?}" or whatever, and therefore ignoring it.
>>
>>I have tagged the subject line so far, and I think it is already starting
>>to cause problems. I am tending towards removing the subject tag.
>>
>>Any thoughts please?

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list