On Sat, 13 May 2023, Matus UHLAR - fantomas wrote:
But I was more interested if SA already has something like that?
It does not.
On Fri, 12 May 2023, Loren Wilton wrote:
Weren't there a whole set of "FUZZY" rules once?
On 12.05.23 20:01, John Hardin wrote:
There still are.
However, these rules only search for words like viagra, unsubscribe etc.
They don't compare domains to each other.
The techniques should apply to header rules assuming the ReplaceTags works
on header rules. I don't know any reason it wouldn't, I've just never tried
it.
It would be difficult to provide site-specific phishing rules in the base
ruleset, of course, but perhaps some examples could be added for domains
like (as noted) paypal.com, and those could be used as examples for
someone wanting to make a site-custom phishing rule.
I'll try to play with that this weekend and see if it bears fruit.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
When designing software, any time you think to yourself "a user
would never be stupid enough to do *that*", you're wrong.
-----------------------------------------------------------------------
Tomorrow: the 75th anniversary of Israel's independence
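
An added illustration of the domain-comparison idea discussed in this thread (not code from any poster and not a SpamAssassin rule): a Python check that flags From: domains spelling a protected domain such as paypal.com with look-alike characters. The substitution table, function names and sample headers are constructed for this example and are not the ReplaceTags definitions.

```python
import re
from email.utils import parseaddr

# Constructed substitution table (an assumption for this example; it is not
# the tag set shipped with SpamAssassin's ReplaceTags plugin).
LOOKALIKES = {
    "a": ["a", "4"],
    "i": ["i", "1", "l"],
    "l": ["l", "1", "i"],
    "m": ["m", "rn"],
    "o": ["o", "0"],
    "p": ["p", "q"],
    "y": ["y", "v"],
}

def fuzzy_domain_regex(domain):
    """Build a regex matching `domain` and its look-alike spellings."""
    parts = []
    for ch in domain.lower():
        if ch == ".":
            parts.append(r"\.")
            continue
        alts = "|".join(re.escape(a) for a in LOOKALIKES.get(ch, [ch]))
        parts.append("(?:%s)+" % alts)  # '+' also tolerates doubled letters
    # Anchor on a label boundary so "notpaypal.com" is not matched.
    return re.compile(r"(?:^|\.)" + "".join(parts) + "$")

def classify_sender(from_header, protected):
    """Return 'legit', 'lookalike' or 'unrelated' for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unrelated"
    # The real domain and its subdomains are never flagged.
    if domain == protected or domain.endswith("." + protected):
        return "legit"
    if fuzzy_domain_regex(protected).search(domain):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ('"PayPal" <service@paypa1.com>',
                "billing@mail.paypal.com",
                "news@notpaypal.com"):
        print(hdr, "->", classify_sender(hdr, "paypal.com"))
```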