phishing net suggestion

Julian Field MailScanner at ecs.soton.ac.uk
Tue Feb 22 20:29:38 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I've just taken a look at this problem. It would be a real pig to
implement this. The way the HTML parser works makes this almost
impossible, and I'm not about to rewrite someone else's entire HTML
parser to use a different data structure.

Sorry.

The problem I hit was that getting rid of the opening <a> tag pointing
to the phishing site cannot be removed. I managed pretty much all the
rest of it. :-(

Mark Nienberg wrote:

> Hmm.  Maybe.  I'm currently running 4.37.7.  Are there more options in
> the latest version or should I just play with the two settings in
> "languages.conf" (PossibleFraudStart and PossibleFraudEnd)?
>
> Julian Field wrote:
>
>> Good idea. How much of this can actually be achieved by customising the
>> currently available options and text strings (languages.conf) ?
>>
>> Mark Nienberg wrote:
>>
>>> Is there any chance an option could be added to the phishing net
>>> feature
>>> so when MailScanner dectects something like this:
>>>
>>> <a href="http://www.phishing.link">http://www.display.link</a>
>>>
>>> it replaces it with somethng like this:
>>>
>>> <a
>>> href="http://www.mydomain.com/warning.php?link=www.phishing.link&display=www.display.link">http://www.display.link</a>
>>>
>>>
>>>
>>>
>>> Then, if the user clicks on the link, he or she will be taken to a
>>> dynamically generated (php or a perl cgi) page on our own website that
>>> will explain the potential phishing attack, show the link as it
>>> displays, and show the actual link.  It could include a working link to
>>> the actual link in case the user really wants to go there (or in
>>> case of
>>> false positive).  Help desk info, etc could also be included.
>>>
>>> It has the advantage that false positives are not even noticeable
>>> unless
>>> the user clicks on the link.  It allows a much better explanation of
>>> what the possible problem is.  It could include links to general
>>> information on the internet regarding phishing, etc.
>>>
>>> I suppose someone who runs a high volume website could even have a
>>> generic page for other mailscaner admins to use if they don't have
>>> their
>>> own webserver set up.
>>>
>
>
> --
> Mark Nienberg, SE
> Tipping Mar + associates
> 1906 Shattuck Ave
> Berkeley, CA 94704
> http://www.tippingmar.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list