Phishing problem.

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Mon Nov 28 10:56:41 GMT 2005


Tony

I'd try and trigger it manually, then run MS in Debug mode and see if you
can spot anything awry...

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Tony Enderby
> Sent: 28 November 2005 10:45
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Phishing problem.
> 
> Hi All,
> 
> I have read some posts in the list archive regarding phishing fraud
> detection and one in particular about a user who couldn't get the
> functionality working but there was no definitive answer so I thought I'd
> ask again.
> 
> I have been unable to get phishing detection to trigger (insert highlight)
> with MS v 4.47.4 or the two previous stable releases. I have dangerous
> content scanning set to on and although originally had 'find phishing
> fraud' set to a ruleset, have also tried hard coding to "yes", both with
> the same result.
> 
> I have tried manually firing the phishing detection by sending hand coded
> html email from various external sources (not on phishing whitelist) with
> disparate text and URL links, and also copied examples from various
> "phishing sample" websites. The numeric phishing detection also does not
> seem to work with the simplest email I've compiled and sent containing
> the following entry <a href=http://203.203.45.45>http://www.test.net</a>
> but MS lets them through without inserting the warning.
> 
> The following entries appear in my MailScanner.conf:
> 
> Find Phishing Fraud = yes
> Also Find Numeric Phishing = yes
> Highlight Phishing Fraud = yes
> 
> A copy of terminal output from MailScanner -v is included below in the
> hope that maybe I'm missing some HTML parser module which is required to
> do the phishing checks.
> 
> Any help would be much appreciated.
> 
> Tony.
> 
> This is Perl version 5.008005 (5.8.5)
> 
> This is MailScanner version 4.47.4
> Module versions are:
> 1.00    AnyDBM_File
> 1.14    Archive::Zip
> 1.03    Carp
> 1.119   Convert::BinHex
> 1.00    DirHandle
> 1.05    Fcntl
> 2.73    File::Basename
> 2.08    File::Copy
> 2.01    FileHandle
> 1.06    File::Path
> 0.14    File::Temp
> 1.29    HTML::Entities
> 3.45    HTML::Parser
> 2.30    HTML::TokeParser
> 1.21    IO
> 1.10    IO::File
> 1.123   IO::Pipe
> 1.50    Mail::Header
> 3.05    MIME::Base64
> 5.417   MIME::Decoder
> 5.417   MIME::Decoder::UU
> 5.417   MIME::Head
> 5.417   MIME::Parser
> 3.03    MIME::QuotedPrint
> 5.417   MIME::Tools
> 0.10    Net::CIDR
> 1.08    POSIX
> 1.77    Socket
> 0.05    Sys::Syslog
> 1.02    Time::localtime
> 
> Optional module versions are:
> 0.17    Convert::TNEF
> 1.809   DB_File
> 1.08    Digest
> 1.01    Digest::HMAC
> 2.33    Digest::MD5
> 2.01    Digest::SHA1
> missing Inline
> missing Mail::ClamAV
> 3.000004        Mail::SpamAssassin
> missing Mail::SPF::Query
> missing Net::CIDR::Lite
> 0.23    Net::DNS
> 0.31    Net::LDAP
> missing Parse::RecDescent
> missing SAVI
> missing Sys::Hostname::Long
> 2.42    Test::Harness
> 0.47    Test::Simple
> 1.95    Text::Balanced
> 1.19    URI
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 
> Support MailScanner development - buy the book off the website!



**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************
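
The comparison the question is trying to trigger, a link's visible text naming one host while its href points at another (or at a bare IP address), can be reproduced outside MailScanner to confirm that a hand-built test message really is one such a check should flag. This is an added example, not part of the thread and not MailScanner's own code; `AnchorCollector` and `check_links` are hypothetical names, the host comparison is a simple exact match, and the sample HTML is constructed from the link quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-looking token in the visible link text, e.g. "www.test.net".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample: the test link quoted in the post, plus a matching link.
SAMPLE = ('<p><a href=http://203.203.45.45>http://www.test.net</a> '
          '<a href="http://www.test.net/a">www.test.net</a></p>')


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return (href, text, reason) for links whose text names another host."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        shown = HOST_IN_TEXT.search(text)
        try:
            target = (urlsplit(href).hostname or "").lower()
        except ValueError:  # malformed href: nothing to compare
            continue
        if not shown or not target or shown.group(1).lower() == target:
            continue  # no URL-like text, no host in href, or they agree
        # Dotted-quad IPv4 targets only; other numeric forms are not covered.
        numeric = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target) is not None
        findings.append((href, text, "numeric target" if numeric else "host mismatch"))
    return findings
```

Running `check_links(SAMPLE)` reports only the first link, which is the one from the post; the second link is left alone because its text and target name the same host.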
