Possible Bug in Phishing Detection
Matt Hampton
matt at coders.co.uk
Mon Jun 12 14:03:17 IST 2006
All

I think I have discovered a possible bug in the Phishing net.

Versions: (RPM based)

    This is CentOS release 4.3 (Final)
    This is Perl version 5.008005 (5.8.5)
    This is MailScanner version 4.54.6

If you send a link in the format

    <a href="http://www.domain.com.">http://www.domain.com.</a>

You get the standard warning of

    "MailScanner has detected a possible fraud attempt from
    "www.domain.com." claiming to be http://www.domain.com.

Obviously this is wrong: especially when you look in the syslog and get
the following:

    Found phishing fraud from www.domain.com. claiming to be www.domain.com in k5CCsrln020271

I haven't had a chance to look at a fix yet - I'll try when I get home
from the office.

regards
Matt
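
The syslog line in the report shows one host, written with and without its trailing dot, being treated as two different names. The following is an added example, not part of the original post and not MailScanner's own code, of comparing a link's target with its visible text after canonicalising both sides; `canonical_host`, `AnchorCollector`, `mismatched_links` and the sample links are names and data constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def canonical_host(value):
    """Hostname of a URL or bare host in comparable form, else None."""
    value = value.strip()
    if "//" not in value:          # urlsplit needs "//" to find the host
        value = "//" + value
    try:
        host = urlsplit(value).hostname or ""   # lowercased, no port/userinfo
    except ValueError:
        return None
    if host.endswith("."):         # root dot: same name as without it
        host = host[:-1]
    return host if HOST_RE.match(host) else None

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def mismatched_links(html):
    """Return (real_host, shown_host) pairs where the two really differ."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    pairs = [(canonical_host(h), canonical_host(t)) for h, t in collector.links]
    return [(real, shown) for real, shown in pairs if real and shown and real != shown]

# Constructed samples: the link from the report, and a genuine mismatch.
REPORTED = '<a href="http://www.domain.com.">http://www.domain.com.</a>'
SPOOFED = '<a href="http://login.example.net/">www.domain.com</a>'
```

`mismatched_links(REPORTED)` returns an empty list, while `mismatched_links(SPOOFED)` still reports the differing pair; link text that is not a hostname at all (for example "Click here") is skipped rather than compared.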