phish bypassing MS

Thu Jun 8 09:05:56 IST 2006

Michele

What URI-RBL's are you using in the SA setup?

I think the latest SA (3.1.3) has the URI-black in there as well which I
find very usefule.

I find that 88_FVGT_uri.cf from http://www.rulesemporium.com/other-rules.htm
(and Freds other rules) help a lot on this kind of thing too - assuming the
clamav phishing stuff doesn't catch them, which isn't as good as it used to
be..)

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Julian Field
> Sent: 08 June 2006 08:30
> To: MailScanner discussion
> Subject: Re: phish bypassing MS
> 
> It was an image, not text. I can't trap those, sorry.
> Doing so would require OCR.
> 
> On 7 Jun 2006, at 23:48, Michele Neylon :: Blacknight.ie wrote:
> 
> > A "nice" Barclays phish got through this evening. Possibly due to the
> > structure of the link:
> >
> > <BODY=20bgcolor=3D"#FFFFF6"=20text=3D"#0755A3">
> > <a    =20HreF=3Dhttp://
> > www.barclays.com.brc1.jsp.brcontrol.kileof.biz/r1/b=
> > />
> > <img  =20src=3D"cid:B56WDJ2PF9"=20border=3D0></a>
> >
> > Resolves to Korea, so I can't see much point in contacting them
> > about it...
> >
> > (I did contact Barclays who unlike some banks actually have a
> > mechanism
> > for reporting phishing)
> >
> > M
> > --
> > Mr Michele Neylon
> > Blacknight Solutions
> > Quality Business Hosting & Colocation
> > http://www.blacknight.ie/
> > Tel. 1850 927 280
> > Intl. +353 (0) 59  9183072
> > Direct Dial: +353 (0)59 9183090
> > Fax. +353 (0) 59  9164239
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> 
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************