Phishing fraud question

Remco Barendse mailscanner at BARENDSE.TO
Thu Oct 14 12:44:53 IST 2004


<x-flowed>
On Thu, 14 Oct 2004, Julian Field wrote:

> Any idea how it's doing it? My approach doesn't use any virus signatures
> and works with any virus scanner. Are you getting any false negatives at all?

No idea at all, and I'm not on the clam list. Googling around a bit, it
seems that they are defining the phishy stuff in their datfiles.

At the current speed of newly emerging ponds I think their datfiles will
grow rapidly :)

So far I have seen a catch rate of 100% and no FP :)

>
> At 11:05 14/10/2004, you wrote:
>> I'm not sure how it works but all phishing mails we seem to get are
>> blocked by clamav 0.80-rc3 and marked as a virus.
>>
>> Haven't seen a single false positive yet.
>>
>> Maybe ppl could try clamav 0.80-rc3 to see what their results are?
>>
>>
>>
>> On Thu, 14 Oct 2004, Julian Field wrote:
>>
>>> I want your opinion.
>>>
>>> When things like scripts and forms are detected in emails, they are just
>>> quietly disarmed without any subject line tagging at all.
>>>
>>> Should I do the same with phishing fraud attempts? The warning in the
>>> message will be put in right next to the offending link.
>>>
>>> It's just that phishing detection does detect quite a few false positives
>>> due to the stupidity of a lot of newsletter authors who put "fake" links
>>> in their material. I don't want people to become used to seeing "{Dangerous
>>> Content?}" or whatever, and therefore ignoring it.
>>>
>>> I have tagged the subject line so far, and I think it is already starting
>>> to cause problems. I am tending towards removing the subject tag.
>>>
>>> Any thoughts please?
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

</x-flowed>


