Phishing

Joolee mailscanner at joolee.nl
Thu Apr 12 08:27:55 IST 2012


I used to use the Google Safe Browsing Api Perl module as a
Spamassassin plugin but since a few months, Google disabled the V1 API
and I still need to put some time into finding or making a V2
implementation.
I combined this with a modified "DecodeShortURLs.pm" that puts all
found URL's in the SpamAssassin's URL List so Google (and other
plugins) could also recognise shortened URL's.
(I also modified DecodeShortURLs to be able to regocnise iframes (for
beam.to) and interim pages by the form of "interim.php?url=***" (don't
remember which service that was for)

This combination worked really well. I only needed to add some country
specific SpamAssassin rules (in my case, Rabobank, ING Bank and ABN
Amro)

Don't forget to report all found phishing url's to
http://www.phishtank.com! I built a "report phishing" button into
MailScanner :P

On 12 April 2012 08:26, Pramod Daya <pramod at mindspring.co.za> wrote:
> I'm having problems with phishing scams getting through - have installed ScamNailer 2.10, with the cron job running successfully, hourly, and also downloading the scamnailer.ndb file from www.mailscanner.eu (Should I be doing that as well as running the cron job ?)
>
> Most are trapped, but enough get through daily that I'm sure it can be improved.  Can one expect 100% of phishing to be stopped, or is that an unreasonable expectation ?
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!


More information about the MailScanner mailing list