RE: [exim] Phishing Targets

Author: Herb Martin
Date:  
To: 'Marc Perkel', exim-users
CC: 
Subject: RE: [exim] Phishing Targets
> Thanks - I'm running ClamAV but what I'm trying to block
> isn't viruses.


First this is an INTERESTING effort you are making and I
would like to be kept informed of your progress.

But please allow a clarification: Those suggesting ClamAV
are referring to the apparent fact that ClamAV goes beyond
pure "virus scanning" and is also checking for some of these
phishing scams.

It may or may not do all that you wish -- or you may do well
to inform the ClamAV signature developers of your results...

> I'm trying to block phishing attempts where the users are
> tricked into giving up their account info. I did find a list
> and typed in the biggest names.


Cool.

The most interesting result would be mechanisms for
distinguishing valid emails from invalid ones and
malicious emails.

Here are some more (decent) leads:

Anti-Phishing Working Group
http://www.antiphishing.org/

Anti-Phishing Working Group Phishing Archive
http://www.antiphishing.org/phishing_archive.html
(nice list with subject lines easily extractable)


Herb Martin
HerbM@??? http://LearnQuick.Com
Accelerated MCSE in a Week Seminars

> 2checkout.com
> 2co.com
> amazon.com
> banknorth.com
> bankofamerica.com
> bankofoklahoma.com
> bankofthewest.com
> barclays.co.uk
> capitalone.com
> charteronebank.com
> charterone.com
> citibank.com
> citizensbank.com
> commercebank.com
> ebay.com
> e-gold.com
> fleetbank.com
> hsbc.co.uk
> huntington.com
> keybank.com
> lasallebank.com
> lloydstsb.co.uk
> mbna.com
> paypal.com
> regionsbank.com
> smithbarney.com
> southtrust.com
> suntrust.com
> tcfbank.com
> unionplanters.com
> usbank.com
> visa.com
> wamu.com
> wellsfargo.com



> This is the ACL I'm testing it with - but I hope to change
> the warn into a drop.
>
> warn    message    = X-Verify-failure: Sender domain does not match received hosts! $sender_address_domain
>     log_message = Fraud - Sender domain does not match received hosts! $sender_address_domain
>     senders = *@dbm;/etc/exim/run/verifylist.db
>     !condition = ${if match{$h_Received:}{$sender_address_domain}{true}{false}}

>
> The idea is that if the sender is in this list then I compare
> the sender's domain to the received lines and if it doesn't
> match - it's phishing. It should catch a lot of it.
>
>
> Odhiambo G. Washington wrote:
>
> >* Marc Perkel <marc@???> [20050630 00:42]: wrote:
> >
> >
> >Hi Marc,
> >
> >I looked at my rejectlog and found these mentions: southtrust.com
> >gte.net lasallebank.com - rejectlog because clamav detected and
> >rejected them.
> >So you'd be better off running ClamAV as your malware scanner.
> >No need to reinvent a wheel, but yeah, if you believe yours will be
> >better, then why not? ;)
> >
> >
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>
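
The check described in the quoted ACL, written out as an added example that is not part of the original thread or of Exim: for senders on a protected list, the envelope sender's domain must appear among the hosts in the Received: headers. The `PROTECTED` set (standing in for `verifylist.db`), the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed stand-in for the sender domains kept in verifylist.db.
PROTECTED = {"paypal.com", "ebay.com"}

# Hostname-looking tokens; IP literals do not match (last label must be letters).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def received_hosts(msg):
    """Collect every hostname found in any Received: header."""
    hosts = set()
    for value in msg.get_all("Received", []):
        hosts.update(h.lower() for h in HOST_RE.findall(value))
    return hosts

def domain_seen(domain, hosts):
    """True only if a host equals the domain or is a subdomain of it.

    The ACL's match{} is an unanchored regex, so it also accepts hosts that
    merely contain the domain; comparing on label boundaries is stricter.
    """
    return any(h == domain or h.endswith("." + domain) for h in hosts)

def verify_failure(envelope_sender, raw_message):
    """Mirror the ACL: flag protected senders whose domain is absent from Received."""
    domain = envelope_sender.rsplit("@", 1)[-1].lower()
    if domain not in PROTECTED:
        return False  # not on the list, so the check does not apply
    msg = message_from_string(raw_message)
    return not domain_seen(domain, received_hosts(msg))

# Constructed sample messages (documentation addresses and hostnames).
LEGIT = ("Received: from mx1.paypal.com (mx1.paypal.com [192.0.2.10])\n"
         "\tby mail.example.org with esmtp; Thu, 30 Jun 2005 00:42:00 +0000\n"
         "Subject: Receipt\n\nbody\n")
SPOOF = ("Received: from dsl-host.example.net ([198.51.100.7])\n"
         "\tby mail.example.org with smtp; Thu, 30 Jun 2005 00:43:00 +0000\n"
         "Subject: Verify your account\n\nbody\n")
LOOKALIKE = SPOOF.replace("dsl-host.example.net", "paypal.com.example.net")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoof", SPOOF), ("lookalike", LOOKALIKE)]:
        print(name, verify_failure("service@paypal.com", raw))
```

Only the Received: line written by your own server is under your control, so the result is better used as one scoring signal than as the sole reason to drop a message.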