phishing net suggestion
MailScanner at ecs.soton.ac.uk
Tue Feb 22 20:29:38 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I've just taken a look at this problem. It would be a real pig to
implement this. The way the HTML parser works makes this almost
impossible, and I'm not about to rewrite someone else's entire HTML
parser to use a different data structure.
The problem I hit was that getting rid of the opening <a> tag pointing
to the phishing site cannot be removed. I managed pretty much all the
rest of it. :-(
Mark Nienberg wrote:
> Hmm. Maybe. I'm currently running 4.37.7. Are there more options in
> the latest version or should I just play with the two settings in
> "languages.conf" (PossibleFraudStart and PossibleFraudEnd)?
> Julian Field wrote:
>> Good idea. How much of this can actually be achieved by customising the
>> currently available options and text strings (languages.conf) ?
>> Mark Nienberg wrote:
>>> Is there any chance an option could be added to the phishing net
>>> so when MailScanner dectects something like this:
>>> <a href="http://www.phishing.link">http://www.display.link</a>
>>> it replaces it with somethng like this:
>>> Then, if the user clicks on the link, he or she will be taken to a
>>> dynamically generated (php or a perl cgi) page on our own website that
>>> will explain the potential phishing attack, show the link as it
>>> displays, and show the actual link. It could include a working link to
>>> the actual link in case the user really wants to go there (or in
>>> case of
>>> false positive). Help desk info, etc could also be included.
>>> It has the advantage that false positives are not even noticeable
>>> the user clicks on the link. It allows a much better explanation of
>>> what the possible problem is. It could include links to general
>>> information on the internet regarding phishing, etc.
>>> I suppose someone who runs a high volume website could even have a
>>> generic page for other mailscaner admins to use if they don't have
>>> own webserver set up.
> Mark Nienberg, SE
> Tipping Mar + associates
> 1906 Shattuck Ave
> Berkeley, CA 94704
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> Support MailScanner development - buy the book off the website!
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner