We are receiving a lot of bank Phishing emails.

Steen, Glenn Glenn.Steen at AP1.SE
Fri Jan 14 20:14:09 GMT 2005


Yes, sorry... I should have made clear about the "virus-whitelist"
assumption (good spot Steve, and fine that you had it already
John:-).

I don't have what you're asking for, but it shouldn't be too difficult
to make a script that queries the maillog table for Phishing
viruses/day and simply send them.

Can perhaps help come Monday, if you need that.

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of John Crossan
> Sent: den 14 januari 2005 18:56
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
> 
> 
> I have a rule to not scan anything from localhost so I could send without
> being re-detected.
> I was looking for some way of placing the process on auto-pilot.
> I know that MailScanner can recognize and store/forward all viruses /spam.
> I was hoping that there was someone with experience that is already
> automatically forwarding (including the necessary headers) just the bank
> Phishing to the appropriate Law enforcement agency.
> I would want to forward the original message, not the processed one that has
> a substitute text message/file instead of the virus.
> 
> 
> Thanks in advance
> John Crossan
> Systems Administrator
> Valley Presbyterian Hospital
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Steve Swaney
> Sent: Friday, January 14, 2005 7:33 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
> 
> 
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Steen, Glenn
> > Sent: Friday, January 14, 2005 4:19 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: We are receiving a lot of bank Phishing emails.
> >
> > Sounds like you're using MailWatch. MW will not let you do this,
> > true, but the solution isn't that much more complex... Unless you
> > really don't like the commandline:-).
> > Simply
> > sendmail alternat at addre.ss <
> > /path/to/MailScanner/quarantine/<date>/<message-id>/message
> > and you should be fine.
> >
> > -- Glenn
> >
> I don't think this will work. I will just be caught again by ClamAV.
> 
> Possibly a rule for Virus Scanning = that looks at the To: address:
> 
> To:     user at somedomain.com     no
> ToOrFrom:       default yes
> 
> Where user at somedomain.com is the recipient of the virus :) 
> Might work.
> 
> Steve
> 
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney at fsl.com
> 
> 
> --
> This message has been scanned for viruses and dangerous content by The
> MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be
> clean.
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!
> 
> 
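
The "auto-pilot" forwarding discussed in this thread, as an added example that is not from any of the posters or from MailScanner: it reads message IDs on stdin (for instance the result of a maillog query, not shown) and pipes each quarantined original, headers intact, to sendmail. The `forward_quarantined` name, the `QUARANTINE` and `SENDMAIL` variables, the 8-digit date directory and the allowed ID characters are assumptions; the path is the placeholder quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout, as quoted above:
#   $QUARANTINE/<date>/<message-id>/message
QUARANTINE="${QUARANTINE:-/path/to/MailScanner/quarantine}"  # placeholder path
SENDMAIL="${SENDMAIL:-sendmail}"   # overridable, e.g. for a dry run

# usage: <ids on stdin> | forward_quarantined <date> <recipient>
# Prints "<sent> <skipped>"; returns 2 on a bad date or recipient.
forward_quarantined() {
    day="$1"; rcpt="$2"; sent=0; skipped=0
    # Date directory: exactly 8 digits (assumed YYYYMMDD naming).
    case "$day" in
        ''|*[!0-9]*) echo "bad date: $day" >&2; return 2 ;;
    esac
    [ "${#day}" -eq 8 ] || { echo "bad date: $day" >&2; return 2; }
    # A recipient starting with "-" would be parsed as a sendmail option.
    case "$rcpt" in
        ''|-*) echo "bad recipient" >&2; return 2 ;;
    esac
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        # IDs come from a database: refuse anything that could leave the
        # quarantine tree ("/", "..", leading dot, shell metacharacters).
        case "$id" in
            .*|*[!A-Za-z0-9._-]*) skipped=$((skipped + 1)); continue ;;
        esac
        msg="$QUARANTINE/$day/$id/message"
        if [ -f "$msg" ] && [ ! -L "$msg" ]; then
            # -i: a line holding only "." must not end the message early.
            if "$SENDMAIL" -i "$rcpt" < "$msg"; then
                sent=$((sent + 1))
            else
                skipped=$((skipped + 1))
            fi
        else
            skipped=$((skipped + 1))   # expired from quarantine, or a symlink
        fi
    done
    echo "$sent $skipped"
}
```

The forwarded copy still has to pass the sending host's own scanner, which is what the localhost exemption and the `To:` rule discussed in the thread are for.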
