On Mon, 14 May 2007, Duncan Hill wrote: > From: Duncan Hill <[EMAIL PROTECTED]> > To: users@spamassassin.apache.org > Date: Mon, 14 May 2007 11:41:24 +0100 (BST) > Subject: Re: Does anyone catch this.... > > On Mon, May 14, 2007 11:32, Matt Hampton wrote: > > http://www.coders.co.uk/slipped.through.txt > > > > > > It has sailed through both a SA3.1.8 and SA3.2.0 (3.2.0-pre2-r512851) > > running on recent versions of MailScanner > > The ClamAV engine tends to work well on a large number of that > type of phish. Local testing shows DCC hitting it, but that's > about it. Doesn't help that Halifax don't publish SPF records.
In particular the Sanesecurity additions to ClamAV detect this as: Html.Phishing.Bank.Sanesecurity.06030604 We've detected (and rejected) over 1300 copies of this particular phishing scam over the last couple of weeks or so. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK [EMAIL PROTECTED] Phone: +44 1225 386101
