phishing.bad.sites.conf v ScamNailer
rlopezcnm at gmail.com
Thu Dec 17 22:46:43 GMT 2009
On Thu, Dec 17, 2009 at 12:46 PM, Kai Schaetzl <maillists at conactive.com> wrote:
> Mark Sapiro wrote on Thu, 17 Dec 2009 09:50:41 -0800:
>> I don't get it. When I installed the 4.79.4 rpm, it installed a
>> /etc/MailScanner/phishing.bad.sites.conf.rpmnew and
>> update_phishing_sites runs regularly and gets an aproximately 290K
>> What's the problem?
> Hm, thanks for *this* info!
> I have an older version (June) and Robert may have as well.
> I suppose something must have changed since then (e.g. retrieval of the
> hostnames like the scamnailer paackage does it?).
> I get this output from running the script:
> Reading status from
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2009
> -503 exists... no - reseting..... ok
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/-1.0
> exists... ok
> I am working with: Current: 2009-504 - 0 and Status: -1 - 0
> This is base update
> Unable to retrieve http://www.mailscanner.tv/.2009-504 :500 Can't connect
> to www.mailscanner.tv:80 (connect: timeout)
> Update required
> Updating live file /etc/MailScanner/phishing.bad.sites.conf
> cp: cannot stat
> `/var/spool/MailScanner/quarantine/phishingupdate/cache//2009-504': No
> such file or directory
> and this leaves one without a phishing.bad.sites.conf as this has been
> moved to phishing.bad.sites.conf.old which will get eventually overwritten
> with an empty file on the next run.
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
Yes. Old in MailScanner terms (still current in Ubuntu terms):
# MailScanner --version
Linux mg05 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:45:36 UTC
2009 x86_64 GNU/Linux
This is Perl version 5.010000 (5.10.0)
This is MailScanner version 4.74.16
Unless I am terribly confused, I think ScanNailer == jkf.phishing.
I have that running and it is being updated:
# ls -l /var/cache/jkf.phishingupdate/*
-rw-r--r-- 1 root root 411561 2009-12-16 17:17
-rw-r--r-- 1 root root 410713 2009-12-15 17:17
-rw-r--r-- 1 root root 11 2009-12-16 17:17
-rw-r--r-- 1 root root 411561 2009-12-16 17:17 2009-504
I still have these files:
# ls -l /etc/MailScanner/phishing.*
-rw-r--r-- 1 root root 134840 2009-12-15 10:24
-rw-r--r-- 1 root root 4779 2009-10-20 15:44
and I am still editing them to insert files into both of them.
Into the phishing.bad.sites.conf I am adding the url of college
specific phishing sites that slip past all email defenses.
I have yet to see proof the url I put there are functioning.
Those seem to be short lived so maybe there is success but maybe the
url just have not been reused.
Sorry for any confusion.
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
More information about the MailScanner