phishing detection not working?

Patel, Anjana Anjana.Patel at Cranfield.ac.uk
Tue Jan 24 11:53:07 GMT 2006 

Hello,

I'm having problems getting the phishing detection to work.  I've
noticed from the mailing list archives that a couple of other people
also had the same problem but I didn't see a resolution.

I've upgraded Mailscanner to the latest stable (4.49.7) but after
several tests it appears that the phishing detection is still not
working.  It had also failed to work in version 4.47.4. 

The maillog shows that the phishing whitelist is being read:

 "Read 701 hostnames from the phishing whitelist"

Here are the relevant paramaters:

Dangerous Content Scanning = yes
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Modify Subject = yes
Phishing Subject Text = {FRAUD?}


./MailScanner --version
Running on
Linux mailgate-1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT 2005 i686
i686 i386 GNU/Linux
This is Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
This is Perl version 5.008005 (5.8.5)

This is MailScanner version 4.49.7
Module versions are:
1.00    AnyDBM_File
1.16    Archive::Zip
1.03    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.06    File::Path
0.16    File::Temp
1.32    HTML::Entities
3.48    HTML::Parser
2.35    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.71    Mail::Header
3.07    MIME::Base64
5.419   MIME::Decoder
5.419   MIME::Decoder::UU
5.419   MIME::Head
5.419   MIME::Parser
3.07    MIME::QuotedPrint
5.419   MIME::Tools
0.11    Net::CIDR
1.08    POSIX
1.77    Socket
0.08    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
0.17    Convert::TNEF
1.809   DB_File
1.08    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.07    Digest::SHA1
0.44    Inline
0.17    Mail::ClamAV
3.001000        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.55    Net::DNS
0.31    Net::LDAP
1.94    Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.42    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
1.30    URI


I don't think the settings for these are relevant but I have included
them as extra information

Allow IFrame Tags = yes
Allow Form Tags = yes
Allow Script Tags = yes
Allow WebBugs = yes
Allow Object Codebase Tags = yes
Convert Dangerous HTML To Text = no


Any advice would be appreciated.

Thanks
Anjana

More information about the MailScanner mailing list