Marc wrote:
> The test I had thought of, which would be better suited
> in SA than Exim, is to check the links. If the text inside
> an A HREF tag perports to be from a common phishing target
> match it agains the URL the tag defines. If the tag URL does
> not match the domain inside the tag, score it wayyyyyy up.
I was already searching for existing Phish rules for SA, and
was really surprised there aren't more of them already available.
Steve wrote:
> But, hey, Clamav is catching 'em. I've actually seen a
> decrease lately and wondered where it had been coming from
> when a different message prompted me to look for those
> domains in my logs. :D
I am running Exim and SA in Cygwin and right now there
is a bug (or several) in getting mime scanning and clamd
to work. We solved the problem with SA by switching all
the writes to binary mode, but clamd (and even command
scanning) won't work for me now.
Neither will all the requirements for the CPAN ClamAV make
and install so unless I start running a Virtual PC/Server
with Linux instead of Cygwin I am stuck temporarily without
ClamAV on those files at receipt time.
Let me know if I can help you.
--
Herb
