phishing detection not working?

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 24 12:20:40 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----

Before 4.50, if you had all the "Dangerous Content" checks set to  
"yes" (i.e. allow everything) then the phishing net would be disabled  
too.
I have now fixed this problem, as it was only first reported to me  
earlier this month, with enough information that I could actually  
find the problem.

The latest betas of 4.50 work just fine, I have them in production  
use on several systems, and am having no problems at all.

On 24 Jan 2006, at 12:12, Tony Enderby wrote:

>
> Hi there,
>
> This is interesting, I have been using MailScanner for about a year  
> and
> have installed all major releases and betas and phishing detection has
> never worked until I installed Beta 4.50.9 at which stage it magically
> started working!
>
> So I'm not sure if it was a repackaged module in the distribution or
> whether I had installed something else during a version change window
> which the phishing code needed.
>
> My OS is FC3.
>
>
>
> On 1/24/2006, "Patel, Anjana" <Anjana.Patel at Cranfield.ac.uk> wrote:
>
>>
>> Hello,
>>
>> I'm having problems getting the phishing detection to work.  I've
>> noticed from the mailing list archives that a couple of other people
>> also had the same problem but I didn't see a resolution.
>>
>> I've upgraded Mailscanner to the latest stable (4.49.7) but after
>> several tests it appears that the phishing detection is still not
>> working.  It had also failed to work in version 4.47.4.
>>
>> The maillog shows that the phishing whitelist is being read:
>>
>> "Read 701 hostnames from the phishing whitelist"
>>
>> Here are the relevant paramaters:
>>
>> Dangerous Content Scanning = yes
>> Find Phishing Fraud = yes
>> Also Find Numeric Phishing = yes
>> Highlight Phishing Fraud = yes
>> Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
>> Phishing Modify Subject = yes
>> Phishing Subject Text = {FRAUD?}
>>
>>
>> ./MailScanner --version
>> Running on
>> Linux mailgate-1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT  
>> 2005 i686
>> i686 i386 GNU/Linux
>> This is Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
>> This is Perl version 5.008005 (5.8.5)
>>
>> This is MailScanner version 4.49.7
>> Module versions are:
>> 1.00    AnyDBM_File
>> 1.16    Archive::Zip
>> 1.03    Carp
>> 1.119   Convert::BinHex
>> 1.00    DirHandle
>> 1.05    Fcntl
>> 2.73    File::Basename
>> 2.08    File::Copy
>> 2.01    FileHandle
>> 1.06    File::Path
>> 0.16    File::Temp
>> 1.32    HTML::Entities
>> 3.48    HTML::Parser
>> 2.35    HTML::TokeParser
>> 1.21    IO
>> 1.10    IO::File
>> 1.123   IO::Pipe
>> 1.71    Mail::Header
>> 3.07    MIME::Base64
>> 5.419   MIME::Decoder
>> 5.419   MIME::Decoder::UU
>> 5.419   MIME::Head
>> 5.419   MIME::Parser
>> 3.07    MIME::QuotedPrint
>> 5.419   MIME::Tools
>> 0.11    Net::CIDR
>> 1.08    POSIX
>> 1.77    Socket
>> 0.08    Sys::Syslog
>> 1.02    Time::localtime
>>
>> Optional module versions are:
>> 0.17    Convert::TNEF
>> 1.809   DB_File
>> 1.08    Digest
>> 1.01    Digest::HMAC
>> 2.33    Digest::MD5
>> 2.07    Digest::SHA1
>> 0.44    Inline
>> 0.17    Mail::ClamAV
>> 3.001000        Mail::SpamAssassin
>> missing Mail::SPF::Query
>> missing Net::CIDR::Lite
>> 0.55    Net::DNS
>> 0.31    Net::LDAP
>> 1.94    Parse::RecDescent
>> missing SAVI
>> missing Sys::Hostname::Long
>> 2.42    Test::Harness
>> 0.47    Test::Simple
>> 1.95    Text::Balanced
>> 1.30    URI
>>
>>
>> I don't think the settings for these are relevant but I have included
>> them as extra information
>>
>> Allow IFrame Tags = yes
>> Allow Form Tags = yes
>> Allow Script Tags = yes
>> Allow WebBugs = yes
>> Allow Object Codebase Tags = yes
>> Convert Dangerous HTML To Text = no
>>
>>
>> Any advice would be appreciated.
>>
>> Thanks
>> Anjana
>>
>> --
>> MailScanner mailing list
>> MailScanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --------------------------------------------------------------------- 
>> --------------
>> Scanned by MailWash Australia - http://www.mailwash.com.au
>> --------------------------------------------------------------------- 
>> --------------
>>
>
> ---------------------------------------------------------------------- 
> -------------
> Scanned by MailWash Australia - http://www.mailwash.com.au
> ---------------------------------------------------------------------- 
> -------------
>
> --
> MailScanner mailing list
> MailScanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)

iQEVAwUBQ9Ybm/w32o+k+q+hAQF4cAf+Mxc2uxVcyD1hS/PNyrIh4s2tWuMy61ox
K5GcML+b+xUPv/NTKcOGp0w5stCMobvAJrYs8KslifrZJlWkBDOCR+4OewUod3wB
dGu9IUMy0S1v5qI7CR2XMN4k3nhKZrdlpcVPleBSKUHBO6dU482qWNu7eHIi0Lpw
Dil1kZyY+y7Io22T4S+3+3hbqIBLFq4ex5Ft0BbSB+040OryAxN5UEPdHpyaKqrN
1mhZbarroFxYixhtLSgybLhKi1pIyQSXGuwdfyGVLcZwFEKa6NqS/OB0fBJBousi
X5pQbgsHUQj1UfgKohCtxn3joGJrRjsdxTQyVr5AIfai8Qa5dX3sIA==
=aPtD
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list