phishing.bad.sites.conf v ScamNailer

Mark Sapiro mark at msapiro.net
Fri Dec 18 16:36:26 GMT 2009 

Kai Schaetzl wrote:
> Mark Sapiro wrote on Thu, 17 Dec 2009 09:50:41 -0800:
> 
>> I don't get it. When I installed the 4.79.4 rpm, it installed a
>> /etc/MailScanner/phishing.bad.sites.conf.rpmnew and
>> update_phishing_sites runs regularly and gets an aproximately 290K
>> phishing.bad.sites.conf.
>>
>> What's the problem?
> 
> Hm, thanks for *this* info!
> 
> I have an older version (June) and Robert may have as well.
> I suppose something must have changed since then (e.g. retrieval of the 
> hostnames like the scamnailer paackage does it?).
> 
> I get this output from running the script:
> Reading status from 
> /var/spool/MailScanner/quarantine/phishingupdate/status
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2009
> -503 exists... no - reseting..... ok
> Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/-1.0 
> exists... ok
> I am working with: Current: 2009-504 - 0 and Status: -1 - 0
> This is base update
> Unable to retrieve http://www.mailscanner.tv/.2009-504 :500 Can't connect 
> to www.mailscanner.tv:80 (connect: timeout)
> Update required
> Updating live file /etc/MailScanner/phishing.bad.sites.conf
> cp: cannot stat 
> `/var/spool/MailScanner/quarantine/phishingupdate/cache//2009-504': No 
> such file or directory
> 
> and this leaves one without a phishing.bad.sites.conf as this has been 
> moved to phishing.bad.sites.conf.old which will get eventually overwritten 
> with an empty file on the next run.


Now I'm really confused. That looks like output from a ScamNailer type
script, yet my, presumably current, /usr/sbin/update_phishing_sites
script doesn't do anything like that (and it's ID is $Id:
update_phishing_sites 3982 2007-06-26 09:00:39Z sysjkf $ indicating it
hasn't changed in years). It is attached as update_phishing_sites.txt

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
#!/bin/sh

#
#   MailScanner - SMTP E-Mail Virus Scanner
#   Copyright (C) 2002  Julian Field
#
#   $Id: update_phishing_sites 3982 2007-06-26 09:00:39Z sysjkf $
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#   The author, Julian Field, can be contacted by email at
#      Jules at JulianField.net
#   or by paper mail at
#      Julian Field
#      Dept of Electronics & Computer Science
#      University of Southampton
#      Southampton
#      SO17 1BJ
#      United Kingdom
#

PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/sfw/bin
export PATH

if [ -d /etc/MailScanner ]; then
    cd /etc/MailScanner
else
    logger -p mail.warn -t update.phishing.sites Cannot find MailScanner configuration directory, update failed.
    echo Cannot find MailScanner configuration directory.
    echo Auto-updates of phishing.safe.sites.conf will not happen.
    exit 1
fi

wget http://www.mailscanner.info/phishing.safe.sites.conf.master || \
curl -O http://www.mailscanner.info/phishing.safe.sites.conf.master || \
( logger -p mail.warn -t update.phishing.sites Cannot find wget or curl, update failed. ; echo Cannot find wget or curl to do phishing sites update. ; exit 1 )

if [ -s phishing.safe.sites.conf.master ]; then
    cat phishing.safe.sites.conf.master phishing.safe.sites.conf | \
    sort | uniq > phishing.safe.sites.conf.new
    cp -f phishing.safe.sites.conf phishing.safe.sites.conf.old
    mv -f phishing.safe.sites.conf.new phishing.safe.sites.conf
    chmod a+r phishing.safe.sites.conf
    logger -p mail.info -t update.phishing.sites Phishing safe sites list updated
else
    logger -p mail.info -t update.phishing.sites Phishing safe sites list update failed!
fi
rm -f phishing.safe.sites.conf.master

exit 0

More information about the MailScanner mailing list