Phishing Trouble

Rabellino Sergio rabellino at DI.UNITO.IT
Thu Aug 18 10:53:10 IST 2005


Julian Field wrote:
> I would suspect you are going through 2 MailScanner servers.
> I need to add a bit more intelligence so that it notices it has  
> already been tagged once and doesn't tag it a second time.
> 
> On 18 Aug 2005, at 09:59, Rabellino Sergio wrote:
> 
> 
>>Dear list,
>> I have trouble with the phishing detection as stated below:
>>
>><td class="trouble"><a href="http://www.informit.com/click.ashx? 
>>dk=3928&u=3FD68173-50E2-49D5-B1BB-F837D0F828F3&r=%2fnewsletters% 
>>2fwhatsnew.asp%3fni%3d101%26st%3d45774"></b></font><font  
>>color="red"><b>MailScanner has detected a possible fraud attempt  
>>from "www.informit.com" claiming to be</b></font> <font  
>>color="red"><b>MailScanner has detected a possible fraud attempt  
>>from "www.informit.com" claiming to be Having trouble viewing the e- 
>>mail below?<br />http://www.informit.com/newsletters/whatsnew.asp? 
>>ni=101&st=45774</a></td>
>>
>>I understand why the link is a phishing link, but why is the
>>MailScanner fraud message repeated twice?
>>Regular expression bug?
>>
>>I'm using MailScanner 4.44.6 with SA 3.0.4 on Solaris 9/perl 5.8.0.
>>
>>Thanks.

These are the full headers (blanked where needed with XXX):

Return-Path: <owner-nolist-INFORMIT_PROMO-20050818-#*pXXXis**DI*-UNITO*-IT at mailer.informit.com>
Received: via tmail-2002(14) for pXXXris; Thu, 18 Aug 2005 09:56:16 +0200 (MEST)
Received: from mailer.informit.com (mailer.informit.com [168.215.198.88])
	 by pianeta.di.unito.it (INFO-DIP) with ESMTP id j7I7rXXX0324
	 for <pXXXs at DI.UNITO.IT>; Thu, 18 Aug 2005 09:56:09 +0200 (MEST)
Message-Id: <200508180756.j7I7rXXX00324 at pianeta.di.unito.it>
Received: from indims101 (mailer.informit.com) by mailer.informit.com (LSMTP for Windows NT v1.1b) with SMTP id 
<0.000003EB at mailer.informit.com>; Thu, 18 Aug 2005 2:17:45 -0500
To: pXXXis at DI.UNITO.IT
From: "InformIT Promotions" <bookstore at informit.com>
Date: Thu, 18 Aug 2005 02:14:51 -0500
Subject: -- DISARMED CONTENT -- The Art of Computer Programming Revisited
MIME-Version: 1.0
Content-Type: multipart/alternative;
               boundary="_=_nextpart_INFORMIT_PROMO_20050818"
X-dipinfo-MailScanner-Information: Please contact Department of Computer Science technical staff for more information
X-SpamCheck: not spam, SpamAssassin (score=-0.775, required 5,
	BAYES_00 -2.60, HTML_MESSAGE 0.00, HTML_WEB_BUGS 0.04,
	MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72,
	URI_REDIRECTOR 0.01)
X-MailScanner-From: owner-nolist-informit_promo-20050818-#*pXXXs**di*-unito*-it at mailer.informit.com

Only one MailScanner was run on this message, I believe.
-- 
Dott. Mag. Sergio Rabellino

  Technical Staff
  Department of Computer Science
  University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
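
The safeguard Julian Field describes in the quoted reply (notice that a link has already been tagged and do not tag it a second time), as an added example that is not part of the original thread and is not MailScanner's code. The regex-based link matching, the name tag_links, the check_marker switch and the sample HTML are assumptions made for illustration; only the warning wording comes from the message above.

```python
import re
from urllib.parse import urlsplit

# Warning wording as quoted in the thread above.
MARKER = "MailScanner has detected a possible fraud attempt"
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAGS = re.compile(r"<[^>]+>")
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample: one link whose text names a different host than its
# href, and one link whose text matches its href.
SAMPLE = (
    '<a href="http://203.0.113.7/login">www.example-bank.test</a>\n'
    '<a href="http://www.example.test/news">http://www.example.test/news</a>'
)

def tag_links(html, check_marker=True):
    """Return (html, new_tags): warn on links whose text names another host.

    With check_marker=True a link that already carries the warning is left
    alone, so running the scanner twice adds nothing the second time.
    """
    new_tags = 0

    def fix(m):
        nonlocal new_tags
        href, inner = m.group(1), m.group(2)
        if check_marker and MARKER in inner:
            return m.group(0)  # tagged by an earlier pass: leave untouched
        real = (urlsplit(href).hostname or "").lower()
        claimed = HOSTLIKE.search(TAGS.sub("", inner))
        if not real or not claimed or claimed.group(1).lower() == real:
            return m.group(0)  # nothing in the text contradicts the href
        new_tags += 1
        warn = f'<font color="red"><b>{MARKER} from "{real}" claiming to be</b></font> '
        s = m.string
        return s[m.start():m.start(2)] + warn + inner + s[m.end(2):m.end()]

    return ANCHOR.sub(fix, html), new_tags

if __name__ == "__main__":
    once, n1 = tag_links(SAMPLE)
    again, n2 = tag_links(once)                      # second pass, with the check
    naive, n3 = tag_links(once, check_marker=False)  # second pass, without it
    print(n1, n2, n3, naive.count(MARKER))
```

Without the marker check, the second pass sees the first warning as part of the link text and prepends another one, which gives the doubled message reported above.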
