MS 4.54.6 failing to tag a phishing message
René Berber
r.berber at computer.org
Fri Sep 1 17:07:24 IST 2006
Rick Chadderdon wrote:
> Are you, by any chance, using Thunderbird to read the message?
No.
> If so,
> be sure that your client is set to view messages as either "Simple HTML"
> or "Original HTML" for that account. When I tested your HTML through my
> MailScanner, I thought at first that it had failed for me, too. Then
> when viewing the message source I saw that I was wrong.
Interesting, but that is a different scenario.
The message was read by a person using Outlook which shows html, and looking at
the raw mailbox of that person there was no multi-part or text on that message.
So it went through my MS with no detection at all.
[snip]
> Since the MailScanner phishing warning was HTML, it was not displayed.
> If I view the message body as HTML, the warning is shown. If I send the
> message as "plain text only" or "HTML only" I get slightly different
> results, but the phishing warning is always visible. For me,
> MailScanner caught your sample URL every time I tried it.
That's what I needed to know...
> Now the
> phishing warning was a bit odd: "...claiming to be
> https://boveda.banamex.com.mx/serban/www.boveda.banamex." - it tacked
> stuff on after the "serban/". I suppose there's a bug there, but for
> the most part I'm seeing a Thunderbird display issue.
>
> I am running MailScanner 4.55.10 on FreeBSD RELEASE 6.0, so it's
> possible that something was fixed after your version that is causing
> yours to fail to catch that particular link.
I'll update MS this weekend and test again.
Thanks.
--
René Berber
More information about the MailScanner
mailing list