phishing.bad.sites.conf v ScamNailer

Robert Lopez rlopezcnm at gmail.com
Thu Dec 17 22:46:43 GMT 2009


On Thu, Dec 17, 2009 at 12:46 PM, Kai Schaetzl <maillists at conactive.com> wrote:
> Mark Sapiro wrote on Thu, 17 Dec 2009 09:50:41 -0800:
>
>> I don't get it. When I installed the 4.79.4 rpm, it installed a
>> /etc/MailScanner/phishing.bad.sites.conf.rpmnew and
>> update_phishing_sites runs regularly and gets an approximately 290K
>> phishing.bad.sites.conf.
>>
>> What's the problem?
>
> Hm, thanks for *this* info!
>
> I have an older version (June) and Robert may have as well.
> I suppose something must have changed since then (e.g. retrieval of the
> hostnames like the scamnailer package does it?).
>
> I get this output from running the script:
> Reading status from /var/spool/MailScanner/quarantine/phishingupdate/status
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2009-503 exists... no - reseting..... ok
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/-1.0 exists... ok
> I am working with: Current: 2009-504 - 0 and Status: -1 - 0
> This is base update
> Unable to retrieve http://www.mailscanner.tv/.2009-504 :500 Can't connect to www.mailscanner.tv:80 (connect: timeout)
> Update required
> Updating live file /etc/MailScanner/phishing.bad.sites.conf
> cp: cannot stat `/var/spool/MailScanner/quarantine/phishingupdate/cache//2009-504': No such file or directory
>
> and this leaves one without a phishing.bad.sites.conf as this has been
> moved to phishing.bad.sites.conf.old which will get eventually overwritten
> with an empty file on the next run.
>
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

Yes. Old in MailScanner terms (still current in Ubuntu terms):
# MailScanner --version
Running on
Linux mg05 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:45:36 UTC 2009 x86_64 GNU/Linux
This is Perl version 5.010000 (5.10.0)

This is MailScanner version 4.74.16
<...>

Unless I am terribly confused, I think ScamNailer == jkf.phishing.
I have that running and it is being updated:
# ls -l /var/cache/jkf.phishingupdate/*
-rw-r--r-- 1 root root 411561 2009-12-16 17:17 /var/cache/jkf.phishingupdate/phishing.emails.list
-rw-r--r-- 1 root root 410713 2009-12-15 17:17 /var/cache/jkf.phishingupdate/phishing.emails.list.old
-rw-r--r-- 1 root root     11 2009-12-16 17:17 /var/cache/jkf.phishingupdate/status

/var/cache/jkf.phishingupdate/cache:
total 404
-rw-r--r-- 1 root root 411561 2009-12-16 17:17 2009-504

I still have these files:
# ls -l /etc/MailScanner/phishing.*
-rw-r--r-- 1 root root 134840 2009-12-15 10:24 /etc/MailScanner/phishing.bad.sites.conf
-rw-r--r-- 1 root root   4779 2009-10-20 15:44 /etc/MailScanner/phishing.safe.sites.conf

and I am still editing them to insert files into both of them.
Into the phishing.bad.sites.conf I am adding the URLs of college-specific
phishing sites that slip past all email defenses.
I have yet to see proof the URLs I put there are functioning.
Those seem to be short lived so maybe there is success but maybe the
URLs just have not been reused.

Sorry for any confusion.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
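
The failure shown in the quoted script output (a timed-out download leaving the server without a phishing.bad.sites.conf) does not occur when the fetched list is validated before the live file is touched. The following is an added example, not part of this thread and not MailScanner's update_phishing_sites code; the function name safe_install, the minimum-line threshold and the temp-file naming are assumptions.

```shell
#!/bin/sh
# Added example: install a freshly fetched blocklist only if it looks sane.
# safe_install NEW LIVE [MIN_LINES]
#   NEW       - file written by the fetch step (missing or empty on failure)
#   LIVE      - live list, e.g. /etc/MailScanner/phishing.bad.sites.conf
#   MIN_LINES - assumed sanity threshold (default 1)
# Returns 0 if LIVE was replaced, 1 if the update was rejected (LIVE untouched).
safe_install() {
    new=$1 live=$2 min=${3:-1}

    # A failed download must never displace the list that is in service.
    if [ ! -s "$new" ]; then
        echo "update rejected: $new is missing or empty" >&2
        return 1
    fi

    # A very short file suggests a truncated transfer or an error page.
    lines=$(wc -l < "$new" | tr -d ' ')
    if [ "$lines" -lt "$min" ]; then
        echo "update rejected: $lines lines, expected at least $min" >&2
        return 1
    fi

    # Stage beside the live file so the final rename stays on one filesystem.
    tmp="$live.tmp.$$"
    cp "$new" "$tmp" || { rm -f "$tmp"; return 1; }

    # Back up by copying; the live file is never moved out of the way.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.old" || { rm -f "$tmp"; return 1; }
    fi

    # rename(2) swaps the list in one step: readers see old or new, never none.
    mv -f "$tmp" "$live"
}

# Constructed demo: an empty fetch result leaves the sample live list in place.
demo=$(mktemp -d)
printf 'phish1.example\nphish2.example\n' > "$demo/phishing.bad.sites.conf"
: > "$demo/fetched"
safe_install "$demo/fetched" "$demo/phishing.bad.sites.conf" || echo "live list kept"
rm -rf "$demo"
```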

