Phishing problem.

Julian Field MailScanner at ecs.soton.ac.uk
Mon Nov 28 11:00:20 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Try setting "Phishing Modify Subject = yes" in MailScanner.conf and let
me know what happens. I have an idea of what it might be. At some point
in the last month or 2, CVS "lost" an edit (CVS is the package that
manages the source code tree). MessageBatch.pm was therefore missing a
function.
Upgrade to the latest beta and let me know what happens. This may well
fix it.

On 28 Nov 2005, at 10:45, Tony Enderby wrote:

      Hi All,
 
I have read some posts in the list archive regarding phishing fraud
detection and one in particular about a user who couldn't get the
functionality working but there was no definitive answer so I
thought I'd ask again.
 
I have been unable to get phishing detection to trigger (insert
highlight) with MS v 4.47.4 or the two previous stable releases.  
I have dangerous content scanning set to on and although originally
had 'find phishing fraud" set to a ruleset, have also tried hard
coding to '"yes" both with the same result.
 
I have tried manually firing the phishing detection by sending hand
coded html email from various external sources (not on phishing
whitelist) with disparate text and URL links, and also copied
examples from various "phishing sample" websites.  The numeric
phishing detection does also not seem to work with the most simple
email I've compiled and sent containing the following entry <a
href=numericlinkwarning
http://203.203.45.45>http://www.test.net</a> but MS lets them
through without inserting the warning.
 
The folloing entries appears in my MailScanner.conf
 
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Highlight Phishing Fraud = yes
 
A copy of terminal output from MailScanner -v is included below in
the hope that maybe I'm missing some HTML parser module which is
required to do the phishing checks.

Any help would be much appreciated.
 
Tony.
 
This is Perl version 5.008005 (5.8.5)
 
This is MailScanner version 4.47.4
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.03    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.06    File::Path
0.14    File::Temp
1.29    HTML::Entities
3.45    HTML::Parser
2.30    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.417   MIME::Decoder
5.417   MIME::Decoder::UU
5.417   MIME::Head
5.417   MIME::Parser
3.03    MIME::QuotedPrint
5.417   MIME::Tools
0.10    Net::CIDR
1.08    POSIX
1.77    Socket
0.05    Sys::Syslog
1.02    Time::localtime
 
Optional module versions are:
0.17    Convert::TNEF
1.809   DB_File
1.08    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.01    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.000004        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.23    Net::DNS
0.31    Net::LDAP
missing Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.42    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
1.19    URI

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html). 

Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


    [ Part 2, Application/PGP-SIGNATURE  498bytes. ]
    [ Unable to print this part. ]




More information about the MailScanner mailing list