Beta 4.52.1 released
Ken A
ka at pacific.net
Mon Mar 27 18:00:09 IST 2006
Julian Field wrote:
> I think the answer is "nothing but log it", but test it out and let me
> know.
Looks like there may be a parsing problem in the phishing code.
MailScanner logs this:
Found phishing fraud from www.bizrate.com claiming to be
www.foralimitedtime,getupto30%%offonalldwellbeddingandpillowsatwrapables.com.payo
in k2RGgTj4022846
Here's the html in the email that triggered this:
<A href="http://www.bizrate.com/mkt.xpml?eml_id=134000" style="color:
#000000;text-decoration:none;">For a limited time, get up to 30% off on
all Dwell Bedding and Pillows at Wrapables.com. Pay only $5 to ship
everything! Click now and save!</a>
Thanks,
Ken Anderson
Pacific.Net
> Ken A wrote:
>> Julian,
>> That sounds like a nice improvement. I had turned off the phishing
>> code due to false positives with it, but will give it a shot with "Use
>> Stricter Phishing Net = no".
>>
>> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud =
>> no, what does MailScanner do when it finds a phishing attempt? I'm
>> hoping the answer is "nothing but log it", so that I can use this
>> configuration for testing.
>>
>> Thanks,
>> Ken A
>> Pacific.Net
>>
>> Julian Field wrote:
>>> I have just released a new beta version 4.52.1.
>>>
>>> There is 1 new feature in this release, but it will be important to
>>> some of you, so please read on. It affects the phishing net, and may
>>> give you pretty good protection against phishing scams, while having
>>> a much lower false alarm rate than the full phishing net code that
>>> has been there so far.
>>>
>>> You can now set "Use Stricter Phishing Net = no" which will make the
>>> phishing net just check the name of the company owning the website,
>>> along with any country code of course. There is a configuration file
>>> containing a list of all the 2nd and 3rd level domain names in use by
>>> all countries, it lists domain endings such as "org.uk" which are used
>>> by a country to describe a whole type of websites within their
>>> country. So if the website is "www.hello.company.com" it knows to
>>> check just company.com, whereas given "www.byebye.charity.org.uk" it
>>> will check charity.org.uk.
>>> The configuration file "Country Sub-Domains List" lists all the entries
>>> required for this to work in any country, 1 per line. You shouldn't
>>> need to touch this file.
>>>
>>> I hope you find this new feature useful, and it may enable some of
>>> you (particularly large ISPs) to provide your customers and users
>>> with a high level of protection against phishing scams.
>>>
>>> Let me know how you get on.
>>>
>
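
As an added illustration (not part of the original thread and not MailScanner's own code), the Python example below reduces hosts to the owner domain the way the announcement describes and only compares a link's visible text against its href when that text is syntactically a hostname, so prose such as the link text in Ken's report produces no claim. The suffix set, the function names and the hostname guard are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the style of the "Country Sub-Domains List" (assumption).
COUNTRY_SUBDOMAINS = {"org.uk", "co.uk", "ac.uk", "com.au"}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_hostname(text):
    """True only if text is syntactically a dotted DNS name."""
    labels = text.lower().rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(l) for l in labels)


def owner_domain(host):
    """Reduce a host to the part that names its owner."""
    labels = host.lower().rstrip(".").split(".")
    # Keep three labels when the last two form a country sub-domain.
    keep = 3 if ".".join(labels[-2:]) in COUNTRY_SUBDOMAINS else 2
    return ".".join(labels[-keep:])


def claimed_host(link_text):
    """Return the host the visible link text claims to be, or None."""
    text = link_text.strip()
    if re.search(r"\s", text):
        return None  # prose containing whitespace is not a host claim
    if "://" in text:
        text = urlsplit(text).hostname or ""
    else:
        text = text.split("/")[0]
    return text if is_hostname(text) else None


def check_link(href, link_text):
    """Return (status, real, claimed); status is ok, mismatch or no-claim."""
    real = urlsplit(href).hostname
    claim = claimed_host(link_text)
    if real is None or claim is None:
        return ("no-claim", real, claim)
    real_o, claim_o = owner_domain(real), owner_domain(claim)
    return ("ok" if real_o == claim_o else "mismatch", real_o, claim_o)
```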