We are receiving a lot of bank Phishing emails.
Steen, Glenn
Glenn.Steen at AP1.SE
Fri Jan 14 20:14:09 GMT 2005
Yes, sorry... I should have made clear about the "virus-whitelist"
assumption (good spot Steve, and fine that you had it already
John:-).
I don't have what you're asking for, but it shouldn't be too dificult
to make a script that queries the maillog table for Phishing
viruses/day and simply send them.
Can perhaps help come monday, if you need that.
-- Glenn
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of John Crossan
> Sent: den 14 januari 2005 18:56
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
>
> I have a rule to not scan anything from localhost so I could
> send without
> being re-detected.
> I was looking for some way of placing the process on auto-pilot.
> I know that MailScanner can recognize and store/forward all
> viruses /spam.
> I was hoping that there was someone with experience that is already
> automatically forwarding (including the necessary headers)
> just the bank
> Phishing to the appropriate Law enforcement agency.
> I would want to forward the original message, not the
> processed one that has
> a substitute text message/file instead of the virus.
>
>
> Thanks in advance
> John Crossan
> Systems Administrator
> Valley Presbyterian Hospital
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Steve Swaney
> Sent: Friday, January 14, 2005 7:33 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Steen, Glenn
> > Sent: Friday, January 14, 2005 4:19 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: We are receiving a lot of bank Phishing emails.
> >
> > Sounds like you're using MailWatch. MW will not let you do this,
> > true, but the solution isn't that much more complex... Unless you
> > really don't like the commandline:-).
> > Simply
> > sendmail alternat at addre.ss <
> > /path/to/MailScanner/quarantine/<date>/<message-id>/message
> > and you should be fine.
> >
> > -- Glenn
> >
> I don't think this will work. I will just be caught again by ClamAV.
>
> Possibly a rule for Virus Scanning = that looks at the To: address:
>
> To: user at somedoamin.com no
> ToOrFrom: default yes
>
> Where user at somedomain.co is the recipient of the virus :)
> Might be work.
>
> Steve
>
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney at fsl.com
>
>
> --
> This message has been scanned for viruses and dangerous content by The
> MailScanner at Fortress Systems Ltd., www.fsl.com, and is
> believed to be
> clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list