Google sites still in phishing.bad.sites.conf?
thomasl at mtl.mit.edu
Fri Oct 30 12:02:08 UTC 2015
> Jules' assertion does not match with my experience, sorry. I've had the
> relevant Google sites in phishing.safe.sites.custom since we discussed
> this last month, but I still see "Found definite phishing fraud" entries
> from MailScanner in my mail logs.
I think one of the things that you're experiencing is that the safe
sites has "*.google.com" in it and the bad sites has "drive.google.com"
for example. When Mailscanner then sees "drive.google.com", the bad
site entry applies even though one might expect the safe site login
should handle it since *.google.com should match any google.com domain
hostname/address. I would think adding "drive.google.com" to the custom
safe site file should take care of things. Like you, I've gotten
complaints regarding google.com URLs getting false positives so I simply
wrote a program that takes the bad and safe default files that are
downloaded each night and it scans the safe and removes anything from
the bad that matches the regular expressions in the safe. i.e. it sees
*.google.com in safe so any address in bad that ends in .google.com is
removed. This fixed the problem for us. I can't share the "program"
since it's just an additional method that is part of a larger utility
library that is site specific to us and our entire computer setup but it
should be pretty easy to write something in your favorite language to do
the same for your setup.
More information about the MailScanner