Phishing fraud bug?
Koopmann, Jan-Peter
jan-peter at koopmann.eu
Mon Jul 9 18:20:54 IST 2007
Hi,
I think there is a strange bug in the phishing detection. Look at this
E-Mail Body snipplet (taken from Exim queue file):
1I7otX-000FTi-7d-D
This is a multi-part message in MIME format.
------_=_NextPart_001_01C7C205.D495F46E
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hallo Herr Koopmann,
--
Test AG
http://www.test.de
Vorstand: Alexander Test
Aufsichtsratvorsitzender: Claudius Test
This is what I get after MailScanner has finished:
MailScanner has detected a possible fraud attempt from
"www.test.devorstand" claiming to be http://www.test.de
Somehow MailScanner does not see that the URL is "http://www.test.de"
only. I can provide the complete Exim-Queue files for download in case
you need them Jules.
Kind regards,
JP
More information about the MailScanner
mailing list