Beta 4.52.1 released

Julian Field MailScanner at
Mon Mar 27 18:26:28 IST 2006

The parser is failing to stop at the .com.
It cannot be perfect as it is a "Natural Language" problem which are 
notoriously hard to solve.
However, I'll take a look at the parser and see if I can catch this one.

Ken A wrote:
> Julian Field wrote:
>> I think the answer is "nothing but log it", but test it out and let 
>> me know.
> Looks like there may be a parsing problem in the phishing code.
> MailScanner logs this:
> Found phishing fraud from claiming to be 
> www.foralimitedtime, 
> in k2RGgTj4022846
> Here's the html in the email that triggered this:
> <A href="" style="color: 
> #000000;text-decoration:none;">For a limited time, get up to 30% off 
> on all Dwell Bedding and Pillows at Pay only $5 to ship 
> everything! Click now and save!</a>
> Thanks,
> Ken Anderson
> Pacific.Net
>> Ken A wrote:
>>> Julian,
>>> That sounds like a nice improvement. I had turned off the phishing 
>>> code due to false positives with it, but will give it a shot with 
>>> "Use Stricter Phishing Net = no".
>>> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud 
>>> = no, what does MailScanner do when it finds a phishing attempt? I'm 
>>> hoping the answer is "nothing but log it", so that I can use this 
>>> configuration for testing.
>>> Thanks,
>>> Ken A
>>> Pacific.Net
>>> Julian Field wrote:
>>>> I have just released a new beta version 4.52.1.
>>>> There is 1 new feature in this release, but it will be important to 
>>>> some of you, so please read on. It affects the phishing net, and 
>>>> may give you pretty good protection against phishing scams, while 
>>>> having a much lower false alarm rate than the full phishing net 
>>>> code that has been there so far.
>>>>  You can now set "Use Stricter Phishing Net = no" which will make the
>>>>  phishing net just check the name of the company owning the 
>>>> website, along
>>>>  with any country code of course. There is a configuration file 
>>>> containing
>>>>  a list of all the 2nd and 3rd level domain names in use by all 
>>>> countries,
>>>>  it lists domain endings such as "" which are used by a 
>>>> country to
>>>>  describe a whole type of websites within their country. So if the 
>>>> website
>>>>  is "" it knows to check just, 
>>>> whereas
>>>>  given "" it will check
>>>>  The configuration file "Country Sub-Domains List" lists all the 
>>>> entries
>>>>  required for this to work in any country, 1 per line. You 
>>>> shouldn't need
>>>>  to touch this file.
>>>> I hope you find this new feature useful, and it may enable some of 
>>>> you (particularly large ISPs) to provide your customers and users 
>>>> with a high level of protection against phishing scams.
>>>> Let me know how you get on.

Julian Field
Buy the MailScanner book at
Professional Support Services at
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list