From mailscanner at barendse.to  Mon Dec 30 12:38:40 2024
From: mailscanner at barendse.to (mailscanner at barendse.to)
Date: Mon, 30 Dec 2024 13:38:40 +0100 (CET)
Subject: Phishing Script and Server Update & Future Plans
In-Reply-To:
References:
Message-ID: <25754cda-5415-5de6-a1e6-233f5ded4eed@barendse.to>

Hi Shawn!

I have downloaded the script from the site below but there is no version
number in it just this line
$Id: update_bad_safe_phishing_sites 3982 2017-08-22 09:00:39Z sysjkf $

Is it the correct file/version?

Also, I couldn't find any ms-update-phishing scripts on my
installations, I placed the download in /etc/cron.daily

Is that correct?

Thanks!
Remco

On Wed, 6 Nov 2024, Shawn Iverson via MailScanner wrote:

> Thanks for the update Jerry! I'll help on the MailScanner front.
>
> On Nov 6, 2024 7:20 AM, Jerry Benton wrote:
>
> I have updated the cron script for phishing bad/safe sites to v0.3.1. It
> is available here: https://phishing.mailscanner.info
>
> The phishing update server has been updated to use https, but will not
> force that connection and will now accept http.
>
> Several previous automatic bad site scrubs were removed for the google
> domain and several subdomains. This means you will need to add them to
> the phishing safe sites custom file to retain links to google domains.
>
> Uncompressed versions of the bad/safe sites files are no longer
> available. If you have an old script trying to download those files, it
> will fail. You will need to use the newer update script or modify any
> custom scripts to download the compressed versions and then extract them
> for use.
>
> The phishing bad sites is compiled from Phishtank data. It essentially
> pulls the domains from the phishing links and puts them into a flat file
> for use in MailScanner.
>
> Future plan:
>
> I am looking into creating a mechanism to populate a SQLite database
> with phishing links instead of just domains. I am creating this for use
> in Mailborder, but will make the database available for MailScanner. In
> order to be used in MailScanner someone would have to write the code to
> use it. (I have enough to do.) Once I create a base structure of what
> the database would look like, I will send out an update here with a link
> to the SQLite database. Not sure how this would impact scanning speed at
> this time. It would of course depend on how big that database gets.
>
> The reason why I am looking into this -
>
> I contacted Openphish about licensing cost to get their database. They
> want $10k per server per year for the "light" version. That is just
> nuts.
>
> How you can help -
>
> I need source data to compile this database. I can get some from
> Phishtank and a very small amount from Openphish free sources. I haven't
> put a whole lot of cycles into this, but if you have any suggestions,
> please email me.
>
> --
> Jerry Benton
> www.mailborder.com
> +1 843-800-8605

From mark at msapiro.net  Mon Dec 30 18:38:20 2024
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 30 Dec 2024 10:38:20 -0800
Subject: Phishing Script and Server Update & Future Plans
In-Reply-To: <25754cda-5415-5de6-a1e6-233f5ded4eed@barendse.to>
References: <25754cda-5415-5de6-a1e6-233f5ded4eed@barendse.to>
Message-ID: <61b70ebb-c823-4a79-8218-f8a462e9f098@msapiro.net>

On 12/30/24 04:38, mailscanner at barendse.to wrote:
> Hi Shawn!
>
> I have downloaded the script from the site below but there is no version
> number in it just this line
> $Id: update_bad_safe_phishing_sites 3982 2017-08-22 09:00:39Z sysjkf $
>
> Is it the correct file/version?

Probably.

> Also, I couldn't find any ms-update-phishing scripts on my
> installations, I placed the download in /etc/cron.daily

The script is /usr/sbin/ms-update-phishing. It is run daily if enabled
(which it is by default) in /etc/MailScanner/defaults. See also the
mailscanner files in /etc/cron.daily/ and /etc/cron.hourly/.

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
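
Added example, not part of the thread and not Jerry Benton's or MailScanner's code: a Python sketch of the two lookups discussed above, the domain-level list pulled from phishing links (with safe-site entries removed) and a link-level SQLite table. The feed URLs, the `bad_links` schema and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# Constructed sample feed (reserved .test/.example names), not real indicators.
FEED = [
    "http://login.bank-verify.test/secure/update.php?id=1",
    "HTTP://Login.Bank-Verify.test/secure/confirm.php",
    "https://forms.shared-host.example/d/abc123/viewform",
    "not a url",
]

def parse(url):
    """Return (host, canonical_link), or None when no usable host is present.
    The canonical link drops userinfo, port and fragment."""
    try:
        p = urlsplit(url.strip())
        host = (p.hostname or "").rstrip(".")
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if not host:
        return None
    query = "?" + p.query if p.query else ""
    return host, f"{p.scheme}://{host}{p.path or '/'}{query}"

def build_domain_list(feed, safe=()):
    """Domain-level list: hosts pulled from the links, minus safe-site entries."""
    hosts = {r[0] for r in map(parse, feed) if r}
    return sorted(hosts - {s.lower() for s in safe})

def build_link_db(feed):
    """Link-level store: one row per canonical link (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bad_links (url TEXT PRIMARY KEY, host TEXT NOT NULL)")
    rows = [(r[1], r[0]) for r in map(parse, feed) if r]
    db.executemany("INSERT OR IGNORE INTO bad_links VALUES (?, ?)", rows)
    return db

def link_is_bad(db, url):
    """Exact-match lookup on the canonical form of a link found in a message."""
    r = parse(url)
    if r is None:
        return False
    hit = db.execute("SELECT 1 FROM bad_links WHERE url = ?", (r[1],)).fetchone()
    return hit is not None

if __name__ == "__main__":
    db = build_link_db(FEED)
    other = "https://forms.shared-host.example/d/zzz999/viewform"
    print(build_domain_list(FEED))  # domain-level view of the feed
    print(link_is_bad(db, FEED[2]), link_is_bad(db, other))
```

The domain list flags every link on a shared host unless that host is added to the safe list, while the link table flags only the listed page.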