Fwd: Phishing detection behaviour

[Achim J. Latz]

Hello Michael:

Did you get any feedback on your post below? Your observations seem to 
indicate that the phishing behaviour is not working correctly. What 
version of Mailscanner are you using?

Cheers, Achim

-------- Original Message --------
Subject: 	Phishing detection behaviour
Date: 	Tue, 11 Jan 2011 14:00:35 -0600
From: 	Michael Masse <mrm at medicine.wisc.edu>
Reply-To: 	MailScanner discussion <mailscanner at lists.mailscanner.info>
To: 	<mailscanner at lists.mailscanner.info>
Newsgroups: 	gmane.mail.virus.mailscanner



I'm trying to come up with a test to consistently trip the phishing
detection system so that I will know whether future rules I write will
work as intended. I can send an email from an outside account containing
something simple like <a href="www.real.com">www.fake.com</a> and the
system detects it properly like it should and puts the proper warning in
the body of the email. The problem is that the next time (and each
subsequent time) I send the same email from that same account, the
system doesn't detect the problem and lets it through without the
phishing warning. If I change the URL's within the email it will detect
the phish attempt again the first time those fake URL's are used, but
not any subsequent times I reuse them. Is this how it's supposed to
behave? I find that hard to believe. What setting could affect this?
-Mike
-------------- next part --------------
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!