phishing detection bug
Julian Field
jkf at ecs.soton.ac.uk
Fri Feb 18 16:25:02 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Okay, a simple trap for this one would be that the real URL must contain
at least one "." character. How about that?
John French wrote:
>The problem definitely seems to be when the href= doesn't contain a url,
>but the text between the > and </a> does. Here's another example:
>
>before:
><body bgcolor="#ffffff" text="#000000">
>test <a href="thisisnotaurl">http://thisisaurl.com</a> test<br>
></body>
>
>after:
><body bgcolor="#ffffff" text="#000000">
>test <a href="thisisnotaurl"></b></font><font
>color="red"><b>MailScanner has detected a possible fraud attempt
>from "thisisnotaurl" claiming to be</b></font> <font
>color="red"><b>MailScanner has detected a possible fraud attempt
>from "thisisnotaurl" claiming to be http://thisisaurl.com</a> test<br>
></body>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>
--
Julian Field
jkf at ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list