Google sites still in phishing.bad.sites.conf?

Paul Sand pas at unh.edu
Fri Oct 30 10:42:50 UTC 2015 

* Jerry Benton <jerry.benton at mailborder.com> [2015-10-30 06:02]:
> I have confirmed with Jules that the safe sites override the bad sites.
> Are you using the update script from phishing.mailborder.com ? 

Yes.

> If you are,
> it creates an additional .custom file for both safe and bad sites. Add
> your respective sites to each custom file. When the script runs to update
> the master list of sites, you custom sites should be placed at the top of
> each of the master files. (.conf files) 

Jules' assertion does not match with my experience, sorry. I've had the
relevant Google sites in phishing.safe.sites.custom since we discussed
this last month, but I still see "Found definite phishing fraud" entries
from MailScanner in my mail logs.

I think the relevant code is here:

https://github.com/MailScanner/v4/blob/master/mailscanner/bin/MailScanner/Message.pm

At line 7310:

    
      #
      # Known Dangerous Sites List code here
      #
      my $AlreadyReported = 0;
      if (InPhishingBlacklist($linkurl)) {
        use bytes;
        print MailScanner::Config::LanguageValue(0, 'definitefraudstart') .
              ' "' . $linkurl . '"' .
              MailScanner::Config::LanguageValue(0, 'definitefraudend') .
              ' ' if $PhishingHighlight;
        $DisarmPhishingFound = 1;
        $linkurl = substr $linkurl, 0, 80;
        $squashedtext = substr $squashedtext, 0, 80;
        $DisarmDoneSomething{'phishing'} = 1 if $PhishingHighlight;
        use bytes; # Don't send UTF16 to syslog, it breaks!
        MailScanner::Log::NoticeLog('Found definite phishing fraud from %s ' .
                                    'in %s', $DisarmLinkURL, $id);
                                    #'in %s', $linkurl, $id);
        no bytes;
        $AlreadyReported = 1;
      }

I don't see any provision for custom (or otherwise) safe sites. I would
expect to see a check for "InPhishingWhitelist($linkurl)" in that case
(which appears in a number of other places in the code).


-- 
-- Paul A Sand <pas at unh.edu>
-- Information Technology / University of New Hampshire
-- http://pubpages.unh.edu/~pas
-- No measurable fat content.

More information about the MailScanner mailing list