Possible Bug in Phishing Detection

Matt Hampton matt at coders.co.uk
Mon Jun 12 14:03:17 IST 2006


I think I have discovered a possible bug in the Phishing net.

Versions: (RPM based)
This is CentOS release 4.3 (Final)
This is Perl version 5.008005 (5.8.5)
This is MailScanner version 4.54.6

If you send a link in the format
<a href="http://www.domain.com.">http://www.domain.com.</a>

You get the standard warning of

"MailScanner has detected a possible fraud attempt from
"www.domain.com." claiming to be http://www.domain.com.

Obviously this is wrong: especially when you look in the syslog and get
the following:

Found phishing fraud from www.domain.com. claiming to be www.domain.com
in k5CCsrln020271

I haven't had a chance to look at a fix yet - I'll try when I get home
from the office.



More information about the MailScanner mailing list