From michaelaraujo at compos.net.br Thu Oct 1 14:33:51 2020 From: michaelaraujo at compos.net.br (Michael Araujo) Date: Thu, 1 Oct 2020 11:33:51 -0300 (BRT) Subject: Change the score for whitelisted emails Message-ID: <2043328786.789876.1601562831126.JavaMail.zimbra@compos.net.br> Dear, I have a Mailwatch with Mailscanner that filters my Zimbra's spam. However I recently updated my Zimbra and other things in Mailwatch with Mailscanner and the emails that are in the white list are going to the Zimbra spam box. I checked the header and realized that when I leave the mailwatch, it has a score of 0, however Zimbra performs another check and scores again and marks it as spam. I don't want to disable amavis from my Zimbra because my Mailwatch and Mailscanner is not 100%, so I would like to put a very low score for emails that are in the white list, so that when it arrives in Zimbra it will pass even if it scores . I searched the internet and unfortunately I couldn't find anything that can help me with changing the white list punctuation. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kenneth at khansen-it.dk Fri Oct 2 15:18:55 2020 From: kenneth at khansen-it.dk (Kenneth Hansen) Date: Fri, 2 Oct 2020 17:18:55 +0200 Subject: Change the score for whitelisted emails In-Reply-To: <2043328786.789876.1601562831126.JavaMail.zimbra@compos.net.br> References: <2043328786.789876.1601562831126.JavaMail.zimbra@compos.net.br> Message-ID: <335AA965-2060-4D99-A141-0AC7F612CAEA@khansen-it.dk> Hi I have not worked much with Zimbra, but I do not believe that there is a way get what you want. The best solution would be to tell Zimbra that anything coming from MailScanner is not to be scanned by Zimbra/amavis Regards Kenneth > Den 1. okt. 2020 kl. 16.33 skrev Michael Araujo : > > ? > Dear, > > I have a Mailwatch with Mailscanner that filters my Zimbra's spam. However I recently updated my Zimbra and other things in Mailwatch with Mailscanner and the emails that are in the white list are going to the Zimbra spam box. > > I checked the header and realized that when I leave the mailwatch, it has a score of 0, however Zimbra performs another check and scores again and marks it as spam. > > I don't want to disable amavis from my Zimbra because my Mailwatch and Mailscanner is not 100%, so I would like to put a very low score for emails that are in the white list, so that when it arrives in Zimbra it will pass even if it scores . > > I searched the internet and unfortunately I couldn't find anything that can help me with changing the white list punctuation. > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From th3penguinwhisperer at gmail.com Fri Oct 2 15:55:14 2020 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe) Date: Fri, 2 Oct 2020 17:55:14 +0200 Subject: Releasing message from quarantine comes from postmaster In-Reply-To: <8c5bf0ed6fae4678b4127592543a2e3c@EXCH1.cs.fsu.edu> References: <5c647365-f5bf-f77e-05bc-84862c823d0b@msapiro.net> <8c5bf0ed6fae4678b4127592543a2e3c@EXCH1.cs.fsu.edu> Message-ID: Thank you sir! This will also work with Postfix? (I assume the answer is yes and it's just going to be a wrapper or something) On Wed, 30 Sep 2020 at 20:34, James Yu Wang wrote: > Change conf.php: > > > > define('QUARANTINE_USE_SENDMAIL', false); > > to > > define('QUARANTINE_USE_SENDMAIL', true); > > > > James > > > > *From:* MailScanner cs.fsu.edu at lists.mailscanner.info> *On Behalf Of *PenguinWhispererThe > *Sent:* Wednesday, September 30, 2020 2:14 PM > *To:* MailScanner Discussion > *Subject:* Re: Releasing message from quarantine comes from postmaster > > > > Alright. I'll check what possibilities I have with Mailwatch. Thanks! > > > > On Wed, 30 Sep 2020 at 16:21, Mark Sapiro wrote: > > On 9/30/20 2:30 AM, PenguinWhispererThe wrote: > > Hi, > > > > Every once in a while I have to release messages from quarantine. > > However when I do so the mail that is released to the recipient has the > > postmaster as the FROM and a subject set to 'Message release from > > quarantine'. > > I'd prefer that the message is released with the original FROM and > > subject. So just as if nothing happened and the mail got to the mailbox > > right away. > > > It appears this is a MailWatch issue, not a MailScanner issue. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yuwang at cs.fsu.edu Fri Oct 2 15:57:23 2020 From: yuwang at cs.fsu.edu (James Wang) Date: Fri, 02 Oct 2020 11:57:23 -0400 Subject: Releasing message from quarantine comes from postmaster In-Reply-To: References: <5c647365-f5bf-f77e-05bc-84862c823d0b@msapiro.net> <8c5bf0ed6fae4678b4127592543a2e3c@EXCH1.cs.fsu.edu> Message-ID: <4ac472198804a6dd4941f11fd81f5209@cs.fsu.edu> Yes. We use postfix too. On 2020-10-02 11:55, PenguinWhispererThe wrote: > Thank you sir! This will also work with Postfix? (I assume the answer > is yes and it's just going to be a wrapper or something) > > On Wed, 30 Sep 2020 at 20:34, James Yu Wang wrote: > >> Change conf.php: >> >> define('QUARANTINE_USE_SENDMAIL', false); >> >> to >> >> define('QUARANTINE_USE_SENDMAIL', true); >> >> James >> >> FROM: MailScanner >> ON >> BEHALF OF PenguinWhispererThe >> SENT: Wednesday, September 30, 2020 2:14 PM >> TO: MailScanner Discussion >> SUBJECT: Re: Releasing message from quarantine comes from postmaster >> >> >> Alright. I'll check what possibilities I have with Mailwatch. >> Thanks! >> >> On Wed, 30 Sep 2020 at 16:21, Mark Sapiro wrote: >> >>> On 9/30/20 2:30 AM, PenguinWhispererThe wrote: >>>> Hi, >>>> >>>> Every once in a while I have to release messages from >>> quarantine. >>>> However when I do so the mail that is released to the recipient >>> has the >>>> postmaster as the FROM and a subject set to 'Message release >>> from >>>> quarantine'. >>>> I'd prefer that the message is released with the original FROM >>> and >>>> subject. So just as if nothing happened and the mail got to the >>> mailbox >>>> right away. >>> >>> It appears this is a MailWatch issue, not a MailScanner issue. >>> >>> -- >>> Mark Sapiro The highway is for gamblers, >>> San Francisco Bay Area, California better use your sense - B. >>> Dylan >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner -- James Wang CS Systems From michaelaraujo at compos.net.br Fri Oct 2 15:58:53 2020 From: michaelaraujo at compos.net.br (Michael Araujo) Date: Fri, 2 Oct 2020 12:58:53 -0300 (BRT) Subject: Change the score for whitelisted emails In-Reply-To: <335AA965-2060-4D99-A141-0AC7F612CAEA@khansen-it.dk> References: <2043328786.789876.1601562831126.JavaMail.zimbra@compos.net.br> <335AA965-2060-4D99-A141-0AC7F612CAEA@khansen-it.dk> Message-ID: <37059689.826342.1601654333032.JavaMail.zimbra@compos.net.br> Dear, Thanks for the answer, what I wanted to do is adjust in Mailscanner and Mailwatch and not in Zimbra, because as I said, my Mailscanner is not 100% it lets many spans pass, while Zimbra can catch them. The point is to set the e-mails punctuation of the white list in Mailscanner to -100, so Zimbra when it arrives will have no problem. I looked in the Mailscanner configuration files for the white list, but I didn't find anything, so I'm here asking for your help, to make this adjustment in Mailwatch and Mailscanner, I believe this adjustment is possible since Mailscanner when you receive the e- mail marked as white list it clears the score. De: "Kenneth Hansen" Para: "mailscanner" Enviadas: Sexta-feira, 2 de outubro de 2020 12:18:55 Assunto: Re: Change the score for whitelisted emails Hi I have not worked much with Zimbra, but I do not believe that there is a way get what you want. The best solution would be to tell Zimbra that anything coming from MailScanner is not to be scanned by Zimbra/amavis Regards Kenneth Den 1. okt. 2020 kl. 16.33 skrev Michael Araujo : BQ_BEGIN Dear, I have a Mailwatch with Mailscanner that filters my Zimbra's spam. However I recently updated my Zimbra and other things in Mailwatch with Mailscanner and the emails that are in the white list are going to the Zimbra spam box. I checked the header and realized that when I leave the mailwatch, it has a score of 0, however Zimbra performs another check and scores again and marks it as spam. I don't want to disable amavis from my Zimbra because my Mailwatch and Mailscanner is not 100%, so I would like to put a very low score for emails that are in the white list, so that when it arrives in Zimbra it will pass even if it scores . I searched the internet and unfortunately I couldn't find anything that can help me with changing the white list punctuation. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner BQ_END -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From th3penguinwhisperer at gmail.com Fri Oct 2 16:18:02 2020 From: th3penguinwhisperer at gmail.com (PenguinWhispererThe) Date: Fri, 2 Oct 2020 18:18:02 +0200 Subject: Releasing message from quarantine comes from postmaster In-Reply-To: References: <5c647365-f5bf-f77e-05bc-84862c823d0b@msapiro.net> <8c5bf0ed6fae4678b4127592543a2e3c@EXCH1.cs.fsu.edu> Message-ID: Just did a quick test and this indeed resolved the issue. Thanks! On Fri, 2 Oct 2020 at 17:55, PenguinWhispererThe < th3penguinwhisperer at gmail.com> wrote: > Thank you sir! This will also work with Postfix? (I assume the answer is > yes and it's just going to be a wrapper or something) > > On Wed, 30 Sep 2020 at 20:34, James Yu Wang wrote: > >> Change conf.php: >> >> >> >> define('QUARANTINE_USE_SENDMAIL', false); >> >> to >> >> define('QUARANTINE_USE_SENDMAIL', true); >> >> >> >> James >> >> >> >> *From:* MailScanner > cs.fsu.edu at lists.mailscanner.info> *On Behalf Of *PenguinWhispererThe >> *Sent:* Wednesday, September 30, 2020 2:14 PM >> *To:* MailScanner Discussion >> *Subject:* Re: Releasing message from quarantine comes from postmaster >> >> >> >> Alright. I'll check what possibilities I have with Mailwatch. Thanks! >> >> >> >> On Wed, 30 Sep 2020 at 16:21, Mark Sapiro wrote: >> >> On 9/30/20 2:30 AM, PenguinWhispererThe wrote: >> > Hi, >> > >> > Every once in a while I have to release messages from quarantine. >> > However when I do so the mail that is released to the recipient has the >> > postmaster as the FROM and a subject set to 'Message release from >> > quarantine'. >> > I'd prefer that the message is released with the original FROM and >> > subject. So just as if nothing happened and the mail got to the mailbox >> > right away. >> >> >> It appears this is a MailWatch issue, not a MailScanner issue. >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Fri Oct 2 16:36:48 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Fri, 2 Oct 2020 12:36:48 -0400 Subject: Change the score for whitelisted emails Message-ID: <46060ad0-7e4d-492f-3ad5-348f635458f2@summitgrid.com> Whitelisting is equivalent to not scoring in MailScanner because it bypasses SpamAssassin.? To achieve what you want, you need to look at writing rulesets for SpamAssassin so that you can give a negative score instead. > Original Message > To: mailscanner > From: Michael Araujo > Date: 10/2/20, 11:58 AM > Subject: Re: Change the score for whitelisted emails > > Dear, > > Thanks for the answer, what I wanted to do is adjust in Mailscanner and Mailwatch and not in Zimbra, because as I said, my Mailscanner is not 100% it lets many spans pass, while Zimbra can catch them. > > The point is to set the e-mails punctuation of the white list in Mailscanner to -100, so Zimbra when it arrives will have no problem.> > > I looked in the Mailscanner configuration files for the white list, but I didn't find anything, so I'm here asking for your help, to make this adjustment in Mailwatch and Mailscanner, I believe this adjustment is possible since Mailscanner when you receive the e- mail marked as white list it clears the score. > From mailinglists at feedmebits.nl Tue Oct 6 17:13:28 2020 From: mailinglists at feedmebits.nl (Maarten) Date: Tue, 06 Oct 2020 19:13:28 +0200 Subject: virus-scanners Message-ID: <92ba466207816afc527f9b7361e60793@feedmebits.nl> Hello All, I have been running the free sopshos-av on my VPS for quite sometime. The page where you used to be able to download it also offline. Tue 06 Oct 2020 06:50:06 PM CEST: update.updated Updated to versions - SAV: 9.16.2, Engine: 3.79.0, Data: 5.78 Tue 06 Oct 2020 06:50:06 PM CEST: update.updated Successfully updated Sophos Anti-Virus from sdds:SOPHOS Seems like the virus definitions haven't been updated in a long time. /opt/sophos-av/log/savupdate-debug.log.2:2020-09-17 09:17:04,402 DEBUG savupdate.util.Logger: UPDATED_TO_VERSION 9.16.2 3.79.0 5.78 /opt/sophos-av/log/savupdate-debug.log.2:2020-09-17 15:17:00,022 DEBUG savupdate.util.Logger: UPDATED_TO_VERSION 9.16.2 3.79.0 5.78 /opt/sophos-av/log/savupdate-debug.log.2:2020-09-17 22:17:01,174 DEBUG savupdate.util.Logger: UPDATED_TO_VERSION 9.16.2 3.79.0 5.78 /opt/sophos-av/log/savupdate-debug.log.2:2020-09-18 03:17:02,246 DEBUG savupdate.util.Logger: UPDATED_TO_VERSION 9.16.2 3.79.0 5.78 I looked at some alternatives in virus.scanners.conf but none of them really seem as that great when I go to check them out. Does anybody know if sophos discontinued this free virus-scanner? If so what are good alternatives besides clamav? Maarten From andy.hunter at bookshop.org Tue Oct 27 14:01:11 2020 From: andy.hunter at bookshop.org (Andy Hunter) Date: Tue, 27 Oct 2020 10:01:11 -0400 Subject: erroneous fraud warning - can you help? Message-ID: Hello, I am sorry if this is not the proper use of this list, but I need help. My company is legitimate, but is somehow being flagged by mailscanner. Links to Bookshop.org get this warning: *MailScanner has detected definite fraud in the website at "linkprotect.cudasvc.com". Do not trust this website:* Bookshop.org Our payments are handled by Stripe, Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. We are an alternative online bookstore that supports local businesses that are competing with Amazon. All transactions are secure and free of fraud. How do we remedy this error message? -- Andy Hunter Founder & CEO, Bookshop.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Wed Oct 28 04:31:38 2020 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 27 Oct 2020 21:31:38 -0700 Subject: {Disarmed} erroneous fraud warning - can you help? In-Reply-To: References: Message-ID: <3826c7da-4566-968d-d548-df137054c50f@msapiro.net> On 10/27/20 7:01 AM, Andy Hunter wrote: > Hello, I am sorry if this is not the proper use of this list, but I need > help. > > My company is legitimate, but is somehow being flagged by mailscanner. > Links to Bookshop.org get this warning:??*MailScanner has detected > definite fraud in the website at "linkprotect.cudasvc.com". Do /not/ > trust this website:* *MailScanner has detected definite fraud in the > website at "linkprotect.cudasvc.com". Do?/not/?trust this > website:*?Bookshop.org Something in your mail delivery chain is changing a link that looks like Bookshop.org What is doing that? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shawniverson at summitgrid.com Wed Oct 28 11:30:35 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 28 Oct 2020 07:30:35 -0400 Subject: erroneous fraud warning - can you help? In-Reply-To: References: Message-ID: <5df8c077-230d-256f-b5bf-46479248200d@summitgrid.com> If you are using a link protection service, you will want to turn off this option in MailScanner: Highlight Phishing Fraud = No On 10/27/20 10:01 AM, Andy Hunter wrote: > Hello, I am sorry if this is not the proper use of this list, but I > need help. > > My company is legitimate, but is somehow being flagged by mailscanner. > Links to Bookshop.org get this warning: *MailScanner has detected > definite fraud in the website at "linkprotect.cudasvc.com". Do /not/ > trust this website:* *MailScanner has detected definite fraud in the > website at "linkprotect.cudasvc.com". Do /not/?trust this > website:*?Bookshop.org > > > Our payments are handled by Stripe, Stripe has been audited by a > PCI-certified auditor and is certified to PCI Service Provider Level > 1. This is the most stringent level of certification available in the > payments industry. > > We are an alternative online bookstore that supports local businesses > that are competing with Amazon. All transactions are secure and free > of fraud. How do we remedy this error message? > > -- > Andy Hunter > Founder & CEO, Bookshop.org > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxsec at gmail.com Wed Oct 28 12:24:49 2020 From: maxsec at gmail.com (Martin Hepworth) Date: Wed, 28 Oct 2020 12:24:49 +0000 Subject: erroneous fraud warning - can you help? In-Reply-To: <5df8c077-230d-256f-b5bf-46479248200d@summitgrid.com> References: <5df8c077-230d-256f-b5bf-46479248200d@summitgrid.com> Message-ID: It?s because the link shows as one thing but sends you off elsewhere, hence looks dodgy Why the odd redirect? On Wed, 28 Oct 2020 at 11:30, Shawn Iverson via MailScanner < mailscanner at lists.mailscanner.info> wrote: > If you are using a link protection service, you will want to turn off this > option in MailScanner: > > Highlight Phishing Fraud = No > On 10/27/20 10:01 AM, Andy Hunter wrote: > > Hello, I am sorry if this is not the proper use of this list, but I need > help. > > My company is legitimate, but is somehow being flagged by mailscanner. > Links to Bookshop.org get this warning: *MailScanner has detected > definite fraud in the website at "linkprotect.cudasvc.com". Do not trust > this website:* *MailScanner has detected definite fraud in the website at > "linkprotect.cudasvc.com". Do not trust this website:* *MailScanner has > detected definite fraud in the website at "linkprotect.cudasvc.com". > Do not trust this website:* Bookshop.org > > > > Our payments are handled by Stripe, Stripe has been audited by a > PCI-certified auditor and is certified to PCI Service Provider Level 1. > This is the most stringent level of certification available in the payments > industry. > > We are an alternative online bookstore that supports local businesses that > are competing with Amazon. All transactions are secure and free of fraud. > How do we remedy this error message? > > -- > Andy Hunter > Founder & CEO, Bookshop.org > > -- > > Shawn Iverson > shawniverson at summitgrid.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: From andy.hunter at bookshop.org Wed Oct 28 12:59:18 2020 From: andy.hunter at bookshop.org (Andy Hunter) Date: Wed, 28 Oct 2020 08:59:18 -0400 Subject: erroneous fraud warning - can you help? In-Reply-To: References: <5df8c077-230d-256f-b5bf-46479248200d@summitgrid.com> Message-ID: Thank you Martin for your response. US visitors go to https://bookshop.org, but UK visitors are redirected to https://uk.bookshop.org - is there any way to do that without being flagged in mailscanner as fraud? Andy On Wed, Oct 28, 2020 at 8:25 AM Martin Hepworth wrote: > > It?s because the link shows as one thing but sends you off elsewhere, > hence looks dodgy > > Why the odd redirect? > > On Wed, 28 Oct 2020 at 11:30, Shawn Iverson via MailScanner < > mailscanner at lists.mailscanner.info> wrote: > >> If you are using a link protection service, you will want to turn off >> this option in MailScanner: >> >> Highlight Phishing Fraud = No >> On 10/27/20 10:01 AM, Andy Hunter wrote: >> >> Hello, I am sorry if this is not the proper use of this list, but I need >> help. >> >> My company is legitimate, but is somehow being flagged by mailscanner. >> Links to Bookshop.org get this warning: *MailScanner has detected >> definite fraud in the website at "linkprotect.cudasvc.com". Do not trust >> this website:* *MailScanner has detected definite fraud in the website >> at "linkprotect.cudasvc.com". Do not trust this website:* *MailScanner >> has detected definite fraud in the website at "linkprotect.cudasvc.com". >> Do not trust this website:* Bookshop.org >> >> >> >> Our payments are handled by Stripe, Stripe has been audited by a >> PCI-certified auditor and is certified to PCI Service Provider Level 1. >> This is the most stringent level of certification available in the payments >> industry. >> >> We are an alternative online bookstore that supports local businesses >> that are competing with Amazon. All transactions are secure and free of >> fraud. How do we remedy this error message? >> >> -- >> Andy Hunter >> Founder & CEO, Bookshop.org >> >> -- >> >> Shawn Iverson >> shawniverson at summitgrid.com >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> -- > -- > Martin Hepworth, CISSP > Oxford, UK > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Andy Hunter Founder & CEO, Bookshop.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From john at wilcock.fr Wed Oct 28 13:54:01 2020 From: john at wilcock.fr (John Wilcock) Date: Wed, 28 Oct 2020 14:54:01 +0100 Subject: erroneous fraud warning - can you help? In-Reply-To: References: <5df8c077-230d-256f-b5bf-46479248200d@summitgrid.com> Message-ID: <66683f65b51684197165c6c1318f101a@wilcock.fr> Andy, That redirect, within the bookshop.org domain, is fine (and, presumably, occurs on the web server, not in the link you send out). The problem is that the email you quote has a link that appears to point at bookshop.org but actually points at linkprotect.cudasvc.com. You need to ascertain at what point in the mail chain the link is changed to go via that link protection service, and also which MailScanner server has flagged it as fraudulent. John On 2020-10-28 13:59, Andy Hunter wrote: > Thank you Martin for your response. > US visitors go to https://bookshop.org, but UK visitors are redirected > to https://uk.bookshop.org - is there any way to do that without being > flagged in mailscanner as fraud? > > Andy > > On Wed, Oct 28, 2020 at 8:25 AM Martin Hepworth > wrote: > > It's because the link shows as one thing but sends you off elsewhere, > hence looks dodgy > > Why the odd redirect? > > On Wed, 28 Oct 2020 at 11:30, Shawn Iverson via MailScanner > wrote: > > If you are using a link protection service, you will want to turn off > this option in MailScanner: > > Highlight Phishing Fraud = No > > On 10/27/20 10:01 AM, Andy Hunter wrote: > Hello, I am sorry if this is not the proper use of this list, but I > need help. > > My company is legitimate, but is somehow being flagged by mailscanner. > Links to Bookshop.org get this warning: MailScanner has detected > definite fraud in the website at "linkprotect.cudasvc.com". Do _not_ > trust this website: MailScanner has detected definite fraud in the > website at "linkprotect.cudasvc.com". Do _not_ trust this website: > MailScanner has detected definite fraud in the website at > "linkprotect.cudasvc.com". Do _not_ trust this website: Bookshop.org > [1] > > Our payments are handled by Stripe, Stripe has been audited by a > PCI-certified auditor and is certified to PCI Service Provider Level 1. > This is the most stringent level of certification available in the > payments industry. > > We are an alternative online bookstore that supports local businesses > that are competing with Amazon. All transactions are secure and free of > fraud. How do we remedy this error message? > -- > > Andy Hunter > Founder & CEO, Bookshop.org [2] > > -- > > Shawn Iverson > shawniverson at summitgrid.com > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner -- -- Martin Hepworth, CISSP Oxford, UK -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Andy Hunter Founder & CEO, Bookshop.org [2] Links: ------ [1] https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fBookshop.org&c=E,1,o56gMoT4pM9xf-POSW8SNpzj_1rLsZYITksfLNvu2fy0g02J2TH0SdO9erKsIMYtwDQq-zJTsq7GoXRBYG3hcgbx48ieuNKPFtn0v4I8ah7tW3NHA8gD0w,,&typo=1 [2] https://Bookshop.org -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: blocked.gif Type: image/gif Size: 118 bytes Desc: not available URL: From thomasl at mtl.mit.edu Thu Oct 29 18:57:42 2020 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Thu, 29 Oct 2020 14:57:42 -0400 Subject: erroneous fraud warning - can you help? In-Reply-To: References: Message-ID: <894748ba-f705-fb99-a9f3-e9f4f4bc1c08@mtl.mit.edu> Hi, As others have pointed out, the actual link is going to linkprotect.cudasvc.com which is listed in the phishing.bad.sites file. # grep cuda phishing.bad.sites.conf phishing.bad.sites.conf:linkprotect.cudasvc.com You can try adding it to the phishing.safe.sites.conf file but I can't recall if its listed in both files what happens. Also, if you are downloading these daily then your changes will get overridden. For my set up, I have a utility that runs when the new files are downloaded. It takes a custom safe phishing sites file that lists our custom entries, prepends it to the top of the downloaded safe sites phishing file and also removes any entry for those custom safe phishing sites that may exist in the downloaded bad sites phishing file. cheers, --tom From mark at msapiro.net Thu Oct 29 22:58:37 2020 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 29 Oct 2020 15:58:37 -0700 Subject: erroneous fraud warning - can you help? In-Reply-To: <894748ba-f705-fb99-a9f3-e9f4f4bc1c08@mtl.mit.edu> References: <894748ba-f705-fb99-a9f3-e9f4f4bc1c08@mtl.mit.edu> Message-ID: <8897f1d9-1c4c-2936-55eb-86ca325fbe11@msapiro.net> On 10/29/20 11:57 AM, Thomas Lohman wrote: > Hi, > > As others have pointed out, the actual link is going to > linkprotect.cudasvc.com which is listed in the phishing.bad.sites file. > > # grep cuda phishing.bad.sites.conf > phishing.bad.sites.conf:linkprotect.cudasvc.com > > You can try adding it to the phishing.safe.sites.conf file but I can't > recall if its listed in both files what happens.? Also, if you are > downloading these daily then your changes will get overridden. The place to add it is phishing.safe.sites.custom which does not get overridden, but this advice may be irrelevant. When senders complain about phishing and fraud warnings and disarming by MailScanner, the warnings they are concerned about may be added to outbound mail by MailScanner on their own server, but more likely, they are added by MailScanner in recipient domains over which they have no control. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From pparsons at techeez.com Thu Oct 29 23:37:02 2020 From: pparsons at techeez.com (Philip Parsons) Date: Thu, 29 Oct 2020 23:37:02 +0000 Subject: I know its the wrong list to post to Message-ID: <64b672df527f41e3b4fd240f6831240b@techeez.com> But no one is answering everywhere else so hopefully someone here has seen and fixed this..;-) Ubuntu 18.04.5 LTS Just updated to the clamav-unofficial-sigs Everything seems to be working but I get this error from the cron job.. Anyone got any ideas? /usr/bin/clamscan: relocation error: /usr/bin/clamscan: symbol cli_realpath version CLAMAV_PRIVATE not defined in file libclamav.so.9 with link time reference /usr/local/sbin/clamav-unofficial-sigs.sh: line 2149: [: : integer expression expected Thank you. Philip Parsons IT Specialist Techeez IT Consulting 250-818-2879 WhatsApp:12508182879 Skype ID: techeez www.techeez.com "Making IT easy" IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Fri Oct 30 00:35:14 2020 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 29 Oct 2020 17:35:14 -0700 Subject: I know its the wrong list to post to In-Reply-To: <64b672df527f41e3b4fd240f6831240b@techeez.com> References: <64b672df527f41e3b4fd240f6831240b@techeez.com> Message-ID: On 10/29/20 4:37 PM, Philip Parsons wrote: > But no one is answering everywhere else so hopefully someone here has > seen and fixed this..;-) > > ? > > Ubuntu 18.04.5 LTS > > Just updated to the clamav-unofficial-sigs > > ? > > Everything seems to be working but I get this error from the cron job.. > Anyone got any ideas? > > ? > > /usr/bin/clamscan: relocation error: /usr/bin/clamscan: symbol > cli_realpath version CLAMAV_PRIVATE not defined in file libclamav.so.9 > with link time reference The above looks like an issue with the clamav installation. I have clamav and clanscan 0.102.4 installed on Ubuntu 18.04 and don't see this issue, so I don't know what the issue is. > /usr/local/sbin/clamav-unofficial-sigs.sh: line 2149: [: : integer > expression expected I'm running clamav-unofficial-sigs.sh version 7.0.1 from https://github.com/extremeshok/clamav-unofficial-sigs. I don't see this. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shawniverson at summitgrid.com Fri Oct 30 11:24:52 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Fri, 30 Oct 2020 07:24:52 -0400 Subject: I know its the wrong list to post to In-Reply-To: <64b672df527f41e3b4fd240f6831240b@techeez.com> References: <64b672df527f41e3b4fd240f6831240b@techeez.com> Message-ID: <5491ee83-3320-7106-bf56-e3a82548d3c1@summitgrid.com> I have not seen this, so I am not sure. The best I could suggest is spin up a fresh Ubuntu 18.04.5 LTS with these installed again and see if it has the same problem and maybe compare them? On 10/29/20 7:37 PM, Philip Parsons wrote: > But no one is answering everywhere else so hopefully someone here has > seen and fixed this..;-) > > Ubuntu 18.04.5 LTS > > Just updated to the clamav-unofficial-sigs > > Everything seems to be working but I get this error from the cron > job.. Anyone got any ideas? > > /usr/bin/clamscan: relocation error: /usr/bin/clamscan: symbol > cli_realpath version CLAMAV_PRIVATE not defined in file libclamav.so.9 > with link time reference > > /usr/local/sbin/clamav-unofficial-sigs.sh: line 2149: [: : integer > expression expected > > Thank you. > Philip Parsons > IT Specialist > > Techeez IT Consulting > > 250-818-2879 > > WhatsApp:12508182879 > > Skype ID: techeez > www.techeez.com "Making IT easy" > > IMPORTANT NOTICE > This e-mail is confidential, may be legally privileged, and is for the > intended recipient only. Access, disclosure, copying and distribution > or reliance on any of it by anyone else is prohibited and may be a > criminal offence. Please delete if obtained in error and e-mail > confirmation to the sender. > > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: