Dennis Davis schrieb:
On Mon, 14 May 2007, Duncan Hill wrote:
From: Duncan Hill <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Date: Mon, 14 May 2007 11:41:24 +0100 (BST)
Subject: Re: Does anyone catch this....
On Mon, May 14, 2007 11:32, Matt Hampton wrote:
http://www.coders.co.uk/slipped.through.txt
It has sailed through both a SA3.1.8 and SA3.2.0 (3.2.0-pre2-r512851)
running on recent versions of MailScanner
The ClamAV engine tends to work well on a large number of that
type of phish. Local testing shows DCC hitting it, but that's
about it. Doesn't help that Halifax don't publish SPF records.
In particular the Sanesecurity additions to ClamAV detect this as:
Html.Phishing.Bank.Sanesecurity.06030604
We've detected (and rejected) over 1300 copies of this particular
phishing scam over the last couple of weeks or so.
Link:
http://sanesecurity.co.uk/clamav/usage.htm
For Debian the example script (Example 1) had to be fixed (paths dont
match),
dont know if you need to fix it for other distris too ...
For testing use the sample fishing attachment.
--
hth
MH
Dont send mail to: [EMAIL PROTECTED]
--
