MS 4.54.6 failing to tag a phishing message

René Berber r.berber at
Thu Aug 31 03:20:26 IST 2006


I'm using MS version 4.54.6 and trying to figure out why a phishing message went
in and MS didn't do anything.  The message's spam score (using spamassassin
version 3.1.4 + some rules-du-jour) was very low but, as shown below, inside the
message was a very obvious phishing URL.

Relevant parts of MailScanner.conf:

Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/
Phishing Modify Subject = yes
Phishing Subject Text = {Fraud?}

The file does not contain the bank name.  The has a correct set of domain suffixes for this country.

The relevant part of the message is:


The links are as different as they can be, http vs https (not used by MS), vs, so what did fail in MS?

Any pointers on how to debug this or should I upgrade to the latest version?

I had a look at lib/MailScanner/ and found where the URLs are compared
taking into account the levels used by the country, I'll try to find out what
went wrong.

René Berber
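
The comparison the post describes (the site shown in a link's text against the site in its real href, reduced using the country's domain levels) can be sketched as below. This is an added example, not MailScanner's code and not part of the original post; `SECOND_LEVEL`, `site_of`, `LinkAudit`, `audit` and `SAMPLE` are hypothetical names, and the suffix set and sample HTML are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for a per-country list of second-level suffixes.
SECOND_LEVEL = {"com.mx", "org.mx", "co.uk", "com.ar"}
# Constructed sample: the text shows a bank-like site, the href is numeric.
SAMPLE = '<a href="http://203.0.113.9/login">https://www.banco.example.com.mx/</a>'

def site_of(url):
    """Reduce a URL or bare hostname to its site; None if it is not one."""
    if "//" not in url:
        url = "//" + url                      # let urlsplit see a netloc
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return None
    if not re.fullmatch(r"[a-z0-9.-]+", host) or "." not in host:
        return None                           # e.g. "click here"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host                           # numeric host is kept whole
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in SECOND_LEVEL else 2
    return ".".join(labels[-keep:])

class LinkAudit(HTMLParser):
    """Collect (shown_site, real_site) pairs for links whose two sites differ."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = site_of("".join(self.text).strip())
            real = site_of(self.href)
            if shown and real and shown != real:
                self.findings.append((shown, real))
            self.href = None

def audit(html):
    """Return the mismatching (shown, real) site pairs found in html."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Links whose text is not itself a URL or hostname are ignored, since there is nothing to compare the href against.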
