does Find Phishing Fraud alone imply disarming?

Brent Emerson brent at ELECTRICEMBERS.NET
Wed Oct 26 22:47:38 IST 2005


We've really been looking forward to using the phishing detection, but we
don't like to modify message content.  I've just recently upgraded to
4.46.2 and assumed that

	Find Phishing Fraud = yes
	Highlight Phishing Fraud = no
	Phishing Modify Subject = yes

would detect phishing attempts and then modify the subject without
disarming the phishing tags.  But I see lines like:

Oct 26 14:16:49 smtp2 MailScanner[79047]: Content Checks: Detected and
have disarmed phishing tags in HTML message

in my logs, and my clients report some mangling of the content in affected
messages.  Is there a setting I've missed, or is there currently no way to
do phishing detection without disarming?  If not, could detection be
separated from disarming in a future release, perhaps with a setting like:

	Allow Phishing = yes/no/disarm

similar to the treatment of Scripts/WebBugs/etc.

Brent Emerson

P.S. We want to avoid disarming (1) because it violates a basic principle
we have of not modifying message bodies except to remove whole viral MIME
parts and (2) because we've found the phishing system to sometimes make
mistakes in putting links back together, for instance shifting the
position of formatting tags around within/around an anchor tag.

----Electric Embers: Powering the fires of change--------------------
  NPOGroups  |  NPOMail  |  NPOShield  |  web/database/email hosting
---- member of N-TEN and NoBAWC----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list