Beta 4.52.1 released

Julian Field MailScanner at ecs.soton.ac.uk
Mon Mar 27 18:26:28 IST 2006


The parser is failing to stop at the .com.
It cannot be perfect as it is a "Natural Language" problem, and those are 
notoriously hard to solve.
However, I'll take a look at the parser and see if I can catch this one.

Ken A wrote:
>
>
> Julian Field wrote:
>> I think the answer is "nothing but log it", but test it out and let 
>> me know.
>
> Looks like there may be a parsing problem in the phishing code.
> MailScanner logs this:
>
> Found phishing fraud from www.bizrate.com claiming to be 
> www.foralimitedtime,getupto30%%offonalldwellbeddingandpillowsatwrapables.com.payo 
> in k2RGgTj4022846
>
> Here's the html in the email that triggered this:
>
> <A href="http://www.bizrate.com/mkt.xpml?eml_id=134000" style="color: 
> #000000;text-decoration:none;">For a limited time, get up to 30% off 
> on all Dwell Bedding and Pillows at Wrapables.com. Pay only $5 to ship 
> everything! Click now and save!</a>
>
> Thanks,
>
> Ken Anderson
> Pacific.Net
>
>
>
>> Ken A wrote:
>>> Julian,
>>> That sounds like a nice improvement. I had turned off the phishing 
>>> code due to false positives with it, but will give it a shot with 
>>> "Use Stricter Phishing Net = no".
>>>
>>> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud 
>>> = no, what does MailScanner do when it finds a phishing attempt? I'm 
>>> hoping the answer is "nothing but log it", so that I can use this 
>>> configuration for testing.
>>>
>>> Thanks,
>>> Ken A
>>> Pacific.Net
>>>
>>> Julian Field wrote:
>>>> I have just released a new beta version 4.52.1.
>>>>
>>>> There is 1 new feature in this release, but it will be important to 
>>>> some of you, so please read on. It affects the phishing net, and 
>>>> may give you pretty good protection against phishing scams, while 
>>>> having a much lower false alarm rate than the full phishing net 
>>>> code that has been there so far.
>>>>
>>>>  You can now set "Use Stricter Phishing Net = no" which will make the
>>>>  phishing net just check the name of the company owning the website, along
>>>>  with any country code of course. There is a configuration file containing
>>>>  a list of all the 2nd and 3rd level domain names in use by all countries,
>>>>  it lists domain endings such as "org.uk" which are used by a country to
>>>>  describe a whole type of websites within their country. So if the website
>>>>  is "www.hello.company.com" it knows to check just company.com, whereas
>>>>  given "www.byebye.charity.org.uk" it will check charity.org.uk.
>>>>  The configuration file "Country Sub-Domains List" lists all the entries
>>>>  required for this to work in any country, 1 per line. You shouldn't need
>>>>  to touch this file.
>>>>
>>>> I hope you find this new feature useful, and it may enable some of 
>>>> you (particularly large ISPs) to provide your customers and users 
>>>> with a high level of protection against phishing scams.
>>>>
>>>> Let me know how you get on.
>>>>
>>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
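
The relaxed comparison described in the release note, together with one way to avoid the false positive Ken reported, as an added example that is not MailScanner's code or part of the original thread. The function names, the sample ending list (a constructed stand-in for the "Country Sub-Domains List" file) and the rule that link text containing whitespace makes no hostname claim are all assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit

# Constructed sample; stands in for the "Country Sub-Domains List" file (1 ending per line).
COUNTRY_SUBDOMAINS = {"org.uk", "co.uk", "ac.uk", "com.au", "k12.ca.us"}

# A hostname: dot-separated labels of letters, digits and hyphens, alphabetic last label.
HOSTNAME = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")


def company_domain(host):
    """Reduce a hostname to the owning company's domain plus any country ending."""
    labels = host.lower().rstrip(".").split(".")
    for n in (3, 2):  # try the longest listed ending first
        if len(labels) > n and ".".join(labels[-n:]) in COUNTRY_SUBDOMAINS:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:])


def claimed_host(link_text):
    """Return the hostname the visible text claims, or None if it is ordinary prose."""
    text = link_text.strip()
    if not text or re.search(r"\s", text):
        return None  # whitespace means prose; never squash it into one "hostname"
    if "://" not in text:
        text = "//" + text  # lets urlsplit() parse a bare "www.example.com/path"
    try:
        host = (urlsplit(text).hostname or "").rstrip(".")
    except ValueError:  # e.g. an unbalanced "[" in the text
        return None
    return host if HOSTNAME.match(host) else None


def check_link(href, link_text):
    """Classify one <a> element as 'no-claim', 'ok' or 'mismatch'."""
    claimed = claimed_host(link_text)
    actual = urlsplit(href).hostname
    if claimed is None or actual is None:
        return "no-claim"
    same = company_domain(claimed) == company_domain(actual)
    return "ok" if same else "mismatch"
```
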


