Possible Bug in Phishing Detection
Julian Field
MailScanner at ecs.soton.ac.uk
Mon Jun 12 14:47:29 IST 2006
Dead simple fix.
Add this 1 line to Message.pm:
--- Message.pm.old 2006-06-06 18:03:43.000000000 +0100
+++ /Message.pm 2006-06-12 14:44:47.000000000 +0100
@@ -5734,6 +5734,7 @@
#print STDERR "Is $linkurl\n";
return ("",0) if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore
emails
#$linkurl = "" if $linkurl =~ /\@/ && $linkurl !~ /\//; # Ignore
emails
+ $linkurl =~ s/[,.]+$//; # Remove trailing dots, but also commas
while at it
$linkurl =~ s/^\[\d*\]//; # Remove leading [numbers]
$linkurl =~ s/^blocked[:\/]+//i; # Remove "blocked::" labels
$linkurl =~ s/^outbind:\/\/\d+\///i; # Remove "outbind://22/"
type labels
On 12 Jun 2006, at 14:03, Matt Hampton wrote:
> All
>
> I think I have discovered a possible bug in the Phishing net.
>
> Versions: (RPM based)
> This is CentOS release 4.3 (Final)
> This is Perl version 5.008005 (5.8.5)
> This is MailScanner version 4.54.6
>
>
> If you send a link in the format
> <a href="http://www.domain.com.">http://www.domain.com.</a>
>
> You get the standard warning of
>
> "MailScanner has detected a possible fraud attempt from
> "www.domain.com." claiming to be http://www.domain.com.
>
> Obviously this is wrong: especially when you look in the syslog and
> get
> the following:
>
> Found phishing fraud from www.domain.com. claiming to be
> www.domain.com
> in k5CCsrln020271
>
> I haven't had a chance to look at a fix yet - I'll try when I get home
> from the office.
>
>
>
> regards
>
> Matt
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the MailScanner
mailing list