does Find Phishing Fraud alone imply disarming?
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Oct 27 08:58:15 IST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Bug.
Apply this patch to /usr/lib/MailScanner/MailScanner/Message.pm
- ----- SNIP -----
- --- Message.pm.old 2005-10-24 20:06:03.000000000 +0100
+++ Message.pm 2005-10-27 08:54:46.122216809 +0100
@@ -4421,7 +4421,7 @@
if MailScanner::Config::Value('tagphishingsubject', $this) =~ /1/;
#print STDERR "PhishingSubjectTag = $PhishingSubjectTag\n";
$PhishingHighlight = 1
- - if MailScanner::Config::Value('phishinghighlight', this) =~ /1/;
+ if MailScanner::Config::Value('phishinghighlight', $this) =~ /1/;
#print STDERR "PhishingHighlight = $PhishingHighlight\n";
$DisarmPhishingFound = 0;
$DisarmHTMLChangedMessage = 0;
- ----- SNIP -----
So it was 1 missing $ symbol.
Sorry about that, should have tested it better.
On 26 Oct 2005, at 22:47, Brent Emerson wrote:
> Hi,
>
> We've really been looking forward to using the phishing detection,
> but we
> don't like to modify message content. I've just recently upgraded to
> 4.46.2 and assumed that
>
> Find Phishing Fraud = yes
> Highlight Phishing Fraud = no
> Phishing Modify Subject = yes
>
> would detect phishing attempts and then modify the subject without
> disarming the phishing tags. But I see lines like:
>
> Oct 26 14:16:49 smtp2 MailScanner[79047]: Content Checks: Detected and
> have disarmed phishing tags in HTML message
>
> in my logs, and my clients report some mangling of the content in
> affected
> messages. Is there a setting I've missed, or is there currently no
> way to
> do phishing detection without disarming? If not, could detection be
> separated from disarming in a future release, perhaps with a
> setting like:
>
> Allow Phishing = yes/no/disarm
>
> similar to the treatment of Scripts/WebBugs/etc.
>
>
> Brent Emerson
>
> P.S. We want to avoid disarming (1) because it violates a basic
> principle
> we have of not modifying message bodies except to remove whole
> viral MIME
> parts and (2) because we've found the phishing system to sometimes
> make
> mistakes in putting links back together, for instance shifting the
> position of formatting tags around within/around an anchor tag.
>
>
> ----Electric Embers: Powering the fires of change--------------------
> NPOGroups | NPOMail | NPOShield | web/database/email hosting
> ----http://electricembers.net--------A member of N-TEN and NoBAWC----
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2425)
iQEVAwUBQ2CImPw32o+k+q+hAQEhUQgAnHrOwd5o2JLp82odsfDkufO0RlbwOUk/
jovJhhASl6l+WKhKD+ATFIk/Kra3m8+uQ1lomKOQ4XWTa+47lTlaJG9XVULP0uGl
EhWVqmBe8z7z2FfXaJx0Z/aEwsEU56zyZIjLu0tpi/GC54kBOmYiXqQOrS2ta7l5
unQ9xILiT2qjMhKxSnWvOgPMYP+lFdGcKMJsXmS+/FpeqvwlLh+Lwqb224MDX8Rj
//rIO3jEdfoaB5pFyz/U4cD+Snxpqva8FH3D5j6tPAsYVH9oN3bCpoBmvObLFM68
IntHSD+rrKb2PdjbZBbdhweUEOfzgsONUKoUZhQHXwXSFlqyECkwrg==
=/KaG
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list