MS 4.54.6 failing to tag a phishing message

René Berber r.berber at computer.org
Fri Sep 1 17:07:24 IST 2006


Rick Chadderdon wrote:

> Are you, by any chance, using Thunderbird to read the message?

No.

> If so,
> be sure that your client is set to view messages as either "Simple HTML"
> or "Original HTML" for that account.  When I tested your HTML through my
> MailScanner, I thought at first that it had failed for me, too.  Then
> when viewing the message source I saw that I was wrong.

Interesting, but that is a different scenario.

The message was read by a person using Outlook, which shows HTML, and looking at
the raw mailbox of that person there was no multi-part or text on that message.
So it went through my MS with no detection at all.

[snip]
> Since the MailScanner phishing warning was HTML, it was not displayed.
> If I view the message body as HTML, the warning is shown.  If I send the
> message as "plain text only" or "HTML only" I get slightly different
> results, but the phishing warning is always visible.  For me,
> MailScanner caught your sample URL every time I tried it.

That's what I needed to know...

> Now the
> phishing warning was a bit odd:  "...claiming to be
> https://boveda.banamex.com.mx/serban/www.boveda.banamex." - it tacked
> stuff on after the "serban/".  I suppose there's a bug there, but for
> the most part I'm seeing a Thunderbird display issue.
> 
> I am running MailScanner 4.55.10 on FreeBSD RELEASE 6.0, so it's
> possible that something was fixed after your version that is causing
> yours to fail to catch that particular link.

I'll update MS this weekend and test again.

Thanks.
-- 
René Berber


