phishing detection not working?

Tony Enderby tenderby at mailwash.com.au
Tue Jan 24 12:17:18 GMT 2006


Oops, it wasn't magic .. thanks Julian =)

On 1/24/2006, "Julian Field" <MailScanner at ecs.soton.ac.uk> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>This is fixed in 4.50. Sorry, I missed putting it in the Change Log.
>For now, just set one of the dangerous content checks to disarm or no.
>Then it will work again.
>
>On 24 Jan 2006, at 11:53, Patel, Anjana wrote:
>
>>
>> Hello,
>>
>> I'm having problems getting the phishing detection to work.  I've
>> noticed from the mailing list archives that a couple of other people
>> also had the same problem but I didn't see a resolution.
>>
>> I've upgraded Mailscanner to the latest stable (4.49.7) but after
>> several tests it appears that the phishing detection is still not
>> working.  It had also failed to work in version 4.47.4.
>>
>> The maillog shows that the phishing whitelist is being read:
>>
>>  "Read 701 hostnames from the phishing whitelist"
>>
>> Here are the relevant paramaters:
>>
>> Dangerous Content Scanning = yes
>> Find Phishing Fraud = yes
>> Also Find Numeric Phishing = yes
>> Highlight Phishing Fraud = yes
>> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
>> Phishing Modify Subject = yes
>> Phishing Subject Text = {FRAUD?}
>>
>>
>> ./MailScanner --version
>> Running on
>> Linux mailgate-1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT 2005
>> i686
>> i686 i386 GNU/Linux
>> This is Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
>> This is Perl version 5.008005 (5.8.5)
>>
>> This is MailScanner version 4.49.7
>> Module versions are:
>> 1.00    AnyDBM_File
>> 1.16    Archive::Zip
>> 1.03    Carp
>> 1.119   Convert::BinHex
>> 1.00    DirHandle
>> 1.05    Fcntl
>> 2.73    File::Basename
>> 2.08    File::Copy
>> 2.01    FileHandle
>> 1.06    File::Path
>> 0.16    File::Temp
>> 1.32    HTML::Entities
>> 3.48    HTML::Parser
>> 2.35    HTML::TokeParser
>> 1.21    IO
>> 1.10    IO::File
>> 1.123   IO::Pipe
>> 1.71    Mail::Header
>> 3.07    MIME::Base64
>> 5.419   MIME::Decoder
>> 5.419   MIME::Decoder::UU
>> 5.419   MIME::Head
>> 5.419   MIME::Parser
>> 3.07    MIME::QuotedPrint
>> 5.419   MIME::Tools
>> 0.11    Net::CIDR
>> 1.08    POSIX
>> 1.77    Socket
>> 0.08    Sys::Syslog
>> 1.02    Time::localtime
>>
>> Optional module versions are:
>> 0.17    Convert::TNEF
>> 1.809   DB_File
>> 1.08    Digest
>> 1.01    Digest::HMAC
>> 2.33    Digest::MD5
>> 2.07    Digest::SHA1
>> 0.44    Inline
>> 0.17    Mail::ClamAV
>> 3.001000        Mail::SpamAssassin
>> missing Mail::SPF::Query
>> missing Net::CIDR::Lite
>> 0.55    Net::DNS
>> 0.31    Net::LDAP
>> 1.94    Parse::RecDescent
>> missing SAVI
>> missing Sys::Hostname::Long
>> 2.42    Test::Harness
>> 0.47    Test::Simple
>> 1.95    Text::Balanced
>> 1.30    URI
>>
>>
>> I don't think the settings for these are relevant but I have included
>> them as extra information
>>
>> Allow IFrame Tags = yes
>> Allow Form Tags = yes
>> Allow Script Tags = yes
>> Allow WebBugs = yes
>> Allow Object Codebase Tags = yes
>> Convert Dangerous HTML To Text = no
>>
>>
>> Any advice would be appreciated.
>>
>> Thanks
>> Anjana
>>
>> --
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.4 (Build 4042)
>
>iQEVAwUBQ9YXkPw32o+k+q+hAQGRkQgAvDuTutHCZMwNg9k/1qwxqc9DpUscAosJ
>wX78IG6xpYS3aD6ojFt4BFaXovVrhQfpRuLvx1wzOFRi0MtjVmf8dJ+Sp56Rsquw
>IJxng6/pGeJZROe8bLNK/S6tBWS32CpgNIAQVY57NntJ5e8u/2SPiRMSgZaiEsyC
>vL7vjQ1P+L0Ltvq0daC73OlXTd/YQFBca5g9WDOK5pp2Uso1S9v1iCenMUU9p0hj
>kGiAnBzTKAADWA1/OE7IqiRBFkn2OCwnRlXW38UtH95Qn2s77Sy/WSdAc6ieIJs+
>TSMuGT3UKlYAnj3fqOIaPVv+3oPfZV5DmFZoqdB+Q9YqNKo737uILw==
>=bJW0
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>--
>MailScanner mailing list
>MailScanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
>
>-----------------------------------------------------------------------------------
>Scanned by MailWash Australia - http://www.mailwash.com.au
>-----------------------------------------------------------------------------------

-----------------------------------------------------------------------------------
Scanned by MailWash Australia - http://www.mailwash.com.au
-----------------------------------------------------------------------------------



More information about the MailScanner mailing list