Phishing problem.

Tony Enderby tenderby at MAILWASH.COM.AU
Mon Nov 28 10:45:26 GMT 2005



Hi All,
 
I have read some posts in the list archive regarding phishing fraud
detection and one in particular about a user who couldn't get the
functionality working but there was no definitive answer so I thought I'd
ask again.
 
I have been unable to get phishing detection to trigger (insert
highlight) with MS v 4.47.4 or the two previous stable releases. I have
dangerous content scanning set to on and, although I originally had "Find
Phishing Fraud" set to a ruleset, have also tried hard coding to "yes",
both with the same result.
 
I have tried manually firing the phishing detection by sending hand coded
html email from various external sources (not on phishing whitelist) with
disparate text and URL links, and also copied examples from various
"phishing sample" websites.  The numeric phishing detection also does not
seem to work with the most simple email I've compiled and sent containing
the following entry <a href=http://203.203.45.45>http://www.test.net</a>
but MS lets them through without inserting the warning.
 
The following entries appear in my MailScanner.conf:
 
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Highlight Phishing Fraud = yes
 
A copy of terminal output from MailScanner -v is included below in the
hope that maybe I'm missing some HTML parser module which is required to
do the phishing checks.

Any help would be much appreciated.
 
Tony.
 
This is Perl version 5.008005 (5.8.5)
 
This is MailScanner version 4.47.4
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.03    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.06    File::Path
0.14    File::Temp
1.29    HTML::Entities
3.45    HTML::Parser
2.30    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.417   MIME::Decoder
5.417   MIME::Decoder::UU
5.417   MIME::Head
5.417   MIME::Parser
3.03    MIME::QuotedPrint
5.417   MIME::Tools
0.10    Net::CIDR
1.08    POSIX
1.77    Socket
0.05    Sys::Syslog
1.02    Time::localtime
 
Optional module versions are:
0.17    Convert::TNEF
1.809   DB_File
1.08    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.01    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.000004        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.23    Net::DNS
0.31    Net::LDAP
missing Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.42    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
1.19    URI

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
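
The link pattern in the test message above (a numeric-IP href behind link text that shows a different hostname), checked outside the mail pipeline. This is an added example, not part of the original post and not MailScanner's own code. It assumes a link is suspicious when its visible text looks like a URL whose host differs from the href host; the names `host_of`, `LinkAudit` and `audit`, and every sample link except the first, are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Text counts as "URL-like" only if it starts with a scheme or "www."
URLISH = re.compile(r"^\s*((?:https?://|www\.)\S+)", re.I)

def host_of(text):
    """Hostname of URL-like text, or None if the text is not URL-like."""
    m = URLISH.match(text or "")
    if not m:
        return None
    url = m.group(1) if "://" in m.group(1) else "http://" + m.group(1)
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

def is_numeric(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAudit(HTMLParser):
    """Collects (kind, href_host, shown_host) for links whose text names another host."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target, shown = host_of(self.href), host_of("".join(self.text))
            if target and shown and target != shown:
                kind = "numeric" if is_numeric(target) else "mismatch"
                self.findings.append((kind, target, shown))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit()` over the HTML body of a hand-built test message shows which links this href/text comparison would flag, which helps separate a test message that should never trigger from a scanner that is not running the check.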



