phishing / languages.conf question

John French john.french at EMICH.EDU
Thu Feb 17 02:52:42 GMT 2005


I have the phishing section in the languages.conf file set to the defaults,
but it seems as if the start and end fraud bits aren't working correctly on
some of my emails.  If you look at the example below, it looks as if the
start tidbit is being entered twice, and the end doesn't appear until much
later (resulting in large sections of the e-mail being marked red instead
of just the phishing part).  Is this by design / do I have something
misconfigured?

from: /etc/MailScanner/reports/en/languages.conf
PossibleFraudStart = <font color="red"><b>MailScanner has detected a
possible fraud attempt from
PossibleFraudEnd = claiming to be</b></font>

from the e-mail:
<p class="MsoNormal">Governor Granholm signed the Identity Theft Act (<a
href="Identity%20theft%20act"></b></font><font color="red"><b>MailScanner
has detected a possible fraud attempt from "identitytheft act" claiming to
be http://www.michigan.gov/gov/0,1607,7-168--107078--,00.html</a><font
color="red"><b>) which will go into affect March 2005, which basically
states that SSN and Credit Card information can not be printed in their
entirety, reporting that contains SSN must have a disposition policy, <span
style=""></span> SSN can not be required in order to obtain services and
systems can not use SSN as identifiers.&nbsp; There are exceptions to the
act and different deadlines&nbsp;depending on current systems in
place.&nbsp;</b></font></p>

I am thinking that this could potentially have something to do with the
parentheses.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list