Phishing net behaving strangely

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Fri Apr 8 16:43:39 IST 2005


there's a setting in MailScanner.conf that will enable or disable the
phishing net for ip-address....

# While detecting "Phishing" attacks, do you also want to point out links
# to numeric IP addresses. Genuine links to totally numeric IP addresses
# are very rare, so this option is set to "yes" by default. If a numeric
# IP address is found in a link, the same phishing warning message is used
# as in the Find Phishing Fraud option above.
# This can also be the filename of a ruleset.
Also Find Numeric Phishing = yes

Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Denis Beauchemin wrote:
> Hello,
> I am testing the phishing net for the first time.  I use MS 4.40.11 on a
> brand new machine.  Language.conf contains:
> PossibleFraudStart = <font color="red"><b>MailScanner soup&ccedil;onne
> le lien
> PossibleFraudEnd = d'&ecirc;tre une tentative de fraude de la part
> de</b></font>
> Here is what I sent to test (I added some underscores to make sure my
> message would not be trapped again):
> <a href="http_:_//_132_._210_._0_._0/">bad tag</a><br>
> Here is what I got:
> <a href="http_:_//_132_._210_._0_._0/"><font color="red"><b>MailScanner
> soup&ccedil;onne le lien "" d'&ecirc;tre une tentative de
> fraude de la part de</b></font> pas le bon</a><br>
> Which makes MS' message appear as a link.  The message translates to: MS
> believes the link "" to be a phishing fraud attempt from bad
> tag.
> Is this normal behaviour?
> Denis


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list