MCP newbie question
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Mon May 15 20:50:50 IST 2006
Kai Schaetzl a écrit :
> Denis Beauchemin wrote on Mon, 15 May 2006 14:09:45 -0400:
>
>
>> I would like to get proactive and create special SA rules for phishing
>> attempts on our local banks.
>>
>> Problem is I don't get all those phishing emails myself... so I thought
>> about MCP...
>>
>
> Do you know Mailwatch? ClamAV detects many Phishing Mails and MailScanner
> shows them as {Phishing}. You can just scan the Mailwatch display or write
> a script that rips the data out of that database.
>
> No need for MCP, unless phishing for your local banks would not get
> detected by the existing rules, of course.
>
> Kai
>
>
Kai,
I already use Clam + www.sanesecurity.com Clam phishing sigs. I thought
this would make the emails detected as viruses and thus destroyed. But
my users are still complaining about phishing attempts (most of them in
French).
My users would like me to delete these emails before they even reach
them. That's why I inquired about MCP.
What would MailWatch do for me? I want to be able to look at the emails
to create new SA rules that would make the phishing attempts go to the
bit bucket. I think MW would just give me the same info I already have
in my maillog, which lacks the message body.
Thanks!
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3226 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060515/51e8fa31/smime.bin
More information about the MailScanner
mailing list