phishing detection not working?

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 24 12:03:26 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----

This is fixed in 4.50. Sorry, I missed putting it in the Change Log.
For now, just set one of the dangerous content checks to disarm or no.
Then it will work again.

On 24 Jan 2006, at 11:53, Patel, Anjana wrote:

>
> Hello,
>
> I'm having problems getting the phishing detection to work.  I've
> noticed from the mailing list archives that a couple of other people
> also had the same problem but I didn't see a resolution.
>
> I've upgraded Mailscanner to the latest stable (4.49.7) but after
> several tests it appears that the phishing detection is still not
> working.  It had also failed to work in version 4.47.4.
>
> The maillog shows that the phishing whitelist is being read:
>
>  "Read 701 hostnames from the phishing whitelist"
>
> Here are the relevant paramaters:
>
> Dangerous Content Scanning = yes
> Find Phishing Fraud = yes
> Also Find Numeric Phishing = yes
> Highlight Phishing Fraud = yes
> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
> Phishing Modify Subject = yes
> Phishing Subject Text = {FRAUD?}
>
>
> ./MailScanner --version
> Running on
> Linux mailgate-1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT 2005  
> i686
> i686 i386 GNU/Linux
> This is Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
> This is Perl version 5.008005 (5.8.5)
>
> This is MailScanner version 4.49.7
> Module versions are:
> 1.00    AnyDBM_File
> 1.16    Archive::Zip
> 1.03    Carp
> 1.119   Convert::BinHex
> 1.00    DirHandle
> 1.05    Fcntl
> 2.73    File::Basename
> 2.08    File::Copy
> 2.01    FileHandle
> 1.06    File::Path
> 0.16    File::Temp
> 1.32    HTML::Entities
> 3.48    HTML::Parser
> 2.35    HTML::TokeParser
> 1.21    IO
> 1.10    IO::File
> 1.123   IO::Pipe
> 1.71    Mail::Header
> 3.07    MIME::Base64
> 5.419   MIME::Decoder
> 5.419   MIME::Decoder::UU
> 5.419   MIME::Head
> 5.419   MIME::Parser
> 3.07    MIME::QuotedPrint
> 5.419   MIME::Tools
> 0.11    Net::CIDR
> 1.08    POSIX
> 1.77    Socket
> 0.08    Sys::Syslog
> 1.02    Time::localtime
>
> Optional module versions are:
> 0.17    Convert::TNEF
> 1.809   DB_File
> 1.08    Digest
> 1.01    Digest::HMAC
> 2.33    Digest::MD5
> 2.07    Digest::SHA1
> 0.44    Inline
> 0.17    Mail::ClamAV
> 3.001000        Mail::SpamAssassin
> missing Mail::SPF::Query
> missing Net::CIDR::Lite
> 0.55    Net::DNS
> 0.31    Net::LDAP
> 1.94    Parse::RecDescent
> missing SAVI
> missing Sys::Hostname::Long
> 2.42    Test::Harness
> 0.47    Test::Simple
> 1.95    Text::Balanced
> 1.30    URI
>
>
> I don't think the settings for these are relevant but I have included
> them as extra information
>
> Allow IFrame Tags = yes
> Allow Form Tags = yes
> Allow Script Tags = yes
> Allow WebBugs = yes
> Allow Object Codebase Tags = yes
> Convert Dangerous HTML To Text = no
>
>
> Any advice would be appreciated.
>
> Thanks
> Anjana
>
> --
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)

iQEVAwUBQ9YXkPw32o+k+q+hAQGRkQgAvDuTutHCZMwNg9k/1qwxqc9DpUscAosJ
wX78IG6xpYS3aD6ojFt4BFaXovVrhQfpRuLvx1wzOFRi0MtjVmf8dJ+Sp56Rsquw
IJxng6/pGeJZROe8bLNK/S6tBWS32CpgNIAQVY57NntJ5e8u/2SPiRMSgZaiEsyC
vL7vjQ1P+L0Ltvq0daC73OlXTd/YQFBca5g9WDOK5pp2Uso1S9v1iCenMUU9p0hj
kGiAnBzTKAADWA1/OE7IqiRBFkn2OCwnRlXW38UtH95Qn2s77Sy/WSdAc6ieIJs+
TSMuGT3UKlYAnj3fqOIaPVv+3oPfZV5DmFZoqdB+Q9YqNKo737uILw==
=bJW0
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list