phishing sites: local and remote
David Lee
t.d.lee at durham.ac.uk
Wed Feb 4 16:31:06 GMT 2009
We try to use MS configs (currently 4.72.5) reasonably close to the
distributed version. That includes taking the routine updates to
"phishing.bad.sites.conf" and "phishing.safe.sites.conf".
Being a university, we are also getting badly hit by spear-phishing
attempts against our users. We noticed that some of incoming bait
contained URLs similar to ours. Our true URLs are of the form:
http://...durham.ac.uk/...
The incoming bait reads:
http://...durham.ac.uk.spammer.bad/...
(Real life pattern-matching would need more subtlety than that, but you
get the idea.)
The routine anti-phishing stuff detects dubious URLs etc and displays
bright red "possible fraud" warnings.
It would be nice if we could supplement this with an additional,
locally-based, component that could be configured to match suspicious URLs
based on the local site name.
Is it possible to run such an antiphishing config, comprising both
Julian's standard set and a local component?
If not, might it be a worthwhile addition?
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: UNIX Team Leader Durham University :
: South Road :
: http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
More information about the MailScanner
mailing list