Phishing Trouble
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Aug 19 17:16:10 IST 2005
On 19 Aug 2005, at 16:48, Denis Beauchemin wrote:
> Julian Field wrote:
>
>
>> Attached is a patch for Message.pm which should stop this
>> happening again.
>>
>
> Julian,
>
> Tried it yesterday and this morning my server had a huge backlog of
> messages in mqueue.in. I managed to single out some messages and
> ran MS in debug mode on them to get the following error:
> Unmatched ) in regex; marked by <-- HERE in m/^www\.mailscannersoupçonnelelien"www.ipm2005.fr) <-- HERE "/ at /usr/lib/MailScanner/MailScanner/Message.pm line 4954
>
> and line 4954 is:
> if ($squashedtext =~ /^www\.$squashedpossible\"$linkurl\"/) {
>
> So I backed out of the patch and then the messages went by just fine.
Sorry, I forgot to quotemeta the regexp.
Change that bit of code so it looks like this instead:
  my $squashedpossible = lc($possiblefraudstart);
  $squashedpossible =~ s/\s//g;
  $squashedpossible =~ s/(\<\/?[^>]*\>)*//ig; # Remove tags
  $squashedpossible = "www.$squashedpossible\"$linkurl\"";
  $squashedpossible = quotemeta($squashedpossible);
  #print STDERR "NEW CODE: SquashedText = $squashedtext\n";
  #print STDERR "NEW CODE: SquashedPossible = $squashedpossible\n";
  #print STDERR "NEW CODE: LinkURL = $linkurl\n";
  if ($squashedtext =~ /^$squashedpossible/) {
    #print STDERR "FOUND IT\n";
    print "$DisarmLinkText$text";
    $DisarmLinkText = ""; # Reset state of automaton
    return;
  }
Then it should work rather better!
Sorry about that, I wrote it in too much of a hurry :-(
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
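The failure and the fix discussed in this message, as an added example that is not part of the original post or of MailScanner's code: text taken from a message is interpolated into a pattern first unquoted, then quoted. The sample strings are constructed, and the helper names squashed_prefix, match_unquoted and match_quoted are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values (not from a real message). The link URL carries a
# stray ")" of the kind that triggered "Unmatched ) in regex".
my $possiblefraudstart = 'Example Text';
my $linkurl            = 'www.example.fr)';
my $squashedtext       = 'www.exampletext"www.example.fr)" rest of line';

# Build the literal prefix the same way the fragment in the message does.
sub squashed_prefix {
    my ($start, $url) = @_;
    my $s = lc $start;
    $s =~ s/\s//g;               # drop whitespace
    $s =~ s/(<\/?[^>]*>)*//g;    # drop tags
    return "www.$s\"$url\"";
}

# Unquoted: the string is compiled as a pattern, so message content decides
# whether the regex is valid at all. eval traps the compile error that would
# otherwise kill the process scanning the queue.
sub match_unquoted {
    my ($text, $prefix) = @_;
    my $hit = eval { $text =~ /^$prefix/ ? 1 : 0 };
    return defined $hit ? $hit : "died: $@";
}

# Quoted: \Q...\E (same effect as quotemeta) makes every character literal.
sub match_quoted {
    my ($text, $prefix) = @_;
    return $text =~ /^\Q$prefix\E/ ? 1 : 0;
}

my $prefix = squashed_prefix($possiblefraudstart, $linkurl);
print "unquoted: ", match_unquoted($squashedtext, $prefix), "\n";
print "quoted:   ", match_quoted($squashedtext, $prefix), "\n";

# Quoting also stops "." from matching any character: this text has "X" where
# the prefix has its first dot, and only the unquoted pattern accepts it.
my $lookalike = 'wwwXexampletext"www.example.fr" tail';
my $plain     = squashed_prefix($possiblefraudstart, 'www.example.fr');
print "lookalike unquoted: ", match_unquoted($lookalike, $plain), "\n";
print "lookalike quoted:   ", match_quoted($lookalike, $plain), "\n";
```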