Google sites still in phishing.bad.sites.conf?
Jerry Benton
jerry.benton at mailborder.com
Fri Oct 30 09:58:17 UTC 2015
Paul,
I have confirmed with Jules that the safe sites override the bad sites. Are you using the update script from phishing.mailborder.com ? If you are, it creates an additional .custom file for both safe and bad sites. Add your respective sites to each custom file. When the script runs to update the master list of sites, you custom sites should be placed at the top of each of the master files. (.conf files)
-
Jerry Benton
www.mailborder.com
> On Oct 29, 2015, at 11:53 AM, Paul Sand <pas at unh.edu> wrote:
>
> * Jerry Benton <jerry.benton at mailborder.com> [2015-10-29 11:34]:
>> add Google to your custom phishing safe sites
>
> That is not working for me, Jerry. As I said:
>
>>> The phishing.safe.sites.conf file contains (redundantly?):
>>>
>>> www.google.com
>>> docs.google.com
>>> *.google.com
>>>
>>> But apparently "bad" overrules "safe": I'm still seeing "Found definite
>>> phishing fraud" messages on innocuous links in incoming mail.
>>>
>>> Adding lines to phishing.safe.sites.custom is also (apparently) not
>>> saving the day.
>
> As near as I can tell the "Definite Fraud" check in MailScanner/Message.pm
> (around line 7240) does not check the "safe" list. (I could be missing
> something, doing something wrong, etc.)
>
>
> What I have done is add a 'grep -v' to /usr/sbin/update_bad_phishing_sites:
>
> cat phishing.bad.sites.custom phishing.bad.sites.conf.master | \
> grep -v .google.com$ | \
> uniq > phishing.bad.sites.conf.new
>
> But I shouldn't have had to do that.
>
> --
> -- Paul A Sand <pas at unh.edu>
> -- Information Technology / University of New Hampshire
> -- http://pubpages.unh.edu/~pas
> -- Too big to fail.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
More information about the MailScanner
mailing list