Re: fake URL's in mail

Wed, 23 Mar 2011 11:56:52 -0700 

On 3/23/11 2:50 PM, Matus UHLAR - fantomas wrote:

On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote:

I know about the problem with "legal" mail and spoofed URL's. That's why I
asked about plugin that would be able to accept whitelists.

I don't see if it's possible to combine this with matching some domains
while not matching others, e.g. allow

<a href="http://example.com/";>http://example.net</a>

while not allowing

<a href="http://example.org/";>http://example.net</a>

but I doubt this is possible with this kind of rules.

On 23.03.11 14:45, Michael Scheidell wrote:

that is why you do it with clamav.
clamav will trigger (if set up to do that) if the a href doesn't match.
and with clamav, you can set up exclusions (whitelist)

I'd be glad if I could do this, no matter if with clamav (however I find it
better within spamassassin since users could set up own whitelist the SA
way).

You are apparently talking about the PhishingAlwaysBlockSSLMismatch and/or
PhishingAlwaysBlockCloak but can you please point me to how to do these
black/whitelists?


this should help:

<www.clamav.net/doc/latest/phishsigs_howto.pdf>
if you create a user interface and let them whitelist those briliant marketing email that do stupid things, you should be able to script adding to wl. 

note:
an a ref with a visable string of 'click here for crap' is considered ok, while a a ref of bankofamerica.com.hacker.in.ru with a visable string of bankofamerica.com will trigger the phish sig. 



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation

   * Best Intrusion Prevention Product, Networks Product Guide
   * Certified SNORT Integrator
   * Hot Company Award, World Executive Alliance
   * Best in Email Security, 2010 Network Products Guide
   * King of Spam Filters, SC Magazine

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ ______________________________________________________________________

Reply via email to