Google sites still in phishing.bad.sites.conf?

Paul Sand pas at
Fri Oct 30 10:42:50 UTC 2015

* Jerry Benton <jerry.benton at> [2015-10-30 06:02]:
> I have confirmed with Jules that the safe sites override the bad sites.
> Are you using the update script from ? 


> If you are,
> it creates an additional .custom file for both safe and bad sites. Add
> your respective sites to each custom file. When the script runs to update
> the master list of sites, you custom sites should be placed at the top of
> each of the master files. (.conf files) 

Jules' assertion does not match with my experience, sorry. I've had the
relevant Google sites in since we discussed
this last month, but I still see "Found definite phishing fraud" entries
from MailScanner in my mail logs.

I think the relevant code is here:

At line 7310:

      # Known Dangerous Sites List code here
      my $AlreadyReported = 0;
      if (InPhishingBlacklist($linkurl)) {
        use bytes;
        print MailScanner::Config::LanguageValue(0, 'definitefraudstart') .
              ' "' . $linkurl . '"' .
              MailScanner::Config::LanguageValue(0, 'definitefraudend') .
              ' ' if $PhishingHighlight;
        $DisarmPhishingFound = 1;
        $linkurl = substr $linkurl, 0, 80;
        $squashedtext = substr $squashedtext, 0, 80;
        $DisarmDoneSomething{'phishing'} = 1 if $PhishingHighlight;
        use bytes; # Don't send UTF16 to syslog, it breaks!
        MailScanner::Log::NoticeLog('Found definite phishing fraud from %s ' .
                                    'in %s', $DisarmLinkURL, $id);
                                    #'in %s', $linkurl, $id);
        no bytes;
        $AlreadyReported = 1;

I don't see any provision for custom (or otherwise) safe sites. I would
expect to see a check for "InPhishingWhitelist($linkurl)" in that case
(which appears in a number of other places in the code).

-- Paul A Sand <pas at>
-- Information Technology / University of New Hampshire
-- No measurable fat content.

More information about the MailScanner mailing list