Google sites still in phishing.bad.sites.conf?

Paul Sand pas at unh.edu
Thu Oct 29 15:53:24 UTC 2015


* Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
> add Google to your custom phishing safe sites

That is not working for me, Jerry. As I said:

> > The phishing.safe.sites.conf file contains (redundantly?):
> > 
> >    www.google.com
> >    docs.google.com
> >    *.google.com
> > 
> > But apparently "bad" overrules "safe": I'm still seeing "Found definite
> > phishing fraud" messages on innocuous links in incoming mail.
> > 
> > Adding lines to phishing.safe.sites.custom is also (apparently) not 
> > saving the day.

As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
(around line 7240) does not check the "safe" list. (I could be missing
something, doing something wrong, etc.)


What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:

    cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
    grep -v .google.com$ | \
    uniq > phishing.bad.sites.conf.new

But I shouldn't have had to do that.

-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- Too big to fail.


More information about the MailScanner mailing list