Google sites still in phishing.bad.sites.conf?
Thomas Lohman
thomasl at mtl.mit.edu
Fri Oct 30 12:02:08 UTC 2015
> Jules' assertion does not match with my experience, sorry. I've had the
> relevant Google sites in phishing.safe.sites.custom since we discussed
> this last month, but I still see "Found definite phishing fraud" entries
> from MailScanner in my mail logs.
I think one of the things that you're experiencing is that the safe
sites has "*.google.com" in it and the bad sites has "drive.google.com"
for example. When MailScanner then sees "drive.google.com", the bad
site entry applies even though one might expect the safe site logic
should handle it since *.google.com should match any google.com domain
hostname/address. I would think adding "drive.google.com" to the custom
safe site file should take care of things. Like you, I've gotten
complaints regarding google.com URLs getting false positives so I simply
wrote a program that takes the bad and safe default files that are
downloaded each night and it scans the safe and removes anything from
the bad that matches the regular expressions in the safe. i.e. it sees
*.google.com in safe so any address in bad that ends in .google.com is
removed. This fixed the problem for us. I can't share the "program"
since it's just an additional method that is part of a larger utility
library that is site specific to us and our entire computer setup but it
should be pretty easy to write something in your favorite language to do
the same for your setup.
--tom
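
Added example, not the program described in the message above: one way to prune the bad-sites list with the safe-sites wildcards. It assumes both files hold one hostname per line with `#` comments and that `*` in a safe entry stands for one or more leading label characters; the function names and sample hostnames are constructed for illustration.

```python
import re

# Constructed sample contents standing in for the nightly safe/bad downloads.
SAFE = """# safe sites (constructed sample)
*.google.com
*.safe.example
"""
BAD = """drive.google.com
mail.safe.example
unsafe.example
safe.example.phish.invalid
google.com
"""

def load_entries(text):
    """Return lower-cased hostnames, skipping blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.append(line)
    return entries

def safe_pattern_to_regex(pattern):
    """Compile a safe entry; '*' becomes 'one or more hostname characters'.
    Literal parts are escaped so '.' only matches a dot."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("[a-z0-9.-]+".join(parts))

def filter_bad(bad_text, safe_text):
    """Split bad entries into (kept, removed) using the safe patterns.
    fullmatch anchors both ends, so 'safe.example.phish.invalid' and
    'unsafe.example' are not covered by '*.safe.example'."""
    safe = [safe_pattern_to_regex(p) for p in load_entries(safe_text)]
    kept, removed = [], []
    for host in load_entries(bad_text):
        covered = any(rx.fullmatch(host) for rx in safe)
        (removed if covered else kept).append(host)
    return kept, removed

if __name__ == "__main__":
    kept, removed = filter_bad(BAD, SAFE)
    print("removed from bad list:", removed)
    print("still blocked:", kept)
```

Returning the removed entries separately lets them be logged each night, so a broad safe wildcard that starts hiding many bad-list hits is noticed.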