Marc wrote: > The test I had thought of, which would be better suited > in SA than Exim, is to check the links. If the text inside > an A HREF tag perports to be from a common phishing target > match it agains the URL the tag defines. If the tag URL does > not match the domain inside the tag, score it wayyyyyy up.
I was already searching for existing Phish rules for SA, and was really surprised there aren't more of them already available. Steve wrote: > But, hey, Clamav is catching 'em. I've actually seen a > decrease lately and wondered where it had been coming from > when a different message prompted me to look for those > domains in my logs. :D I am running Exim and SA in Cygwin and right now there is a bug (or several) in getting mime scanning and clamd to work. We solved the problem with SA by switching all the writes to binary mode, but clamd (and even command scanning) won't work for me now. Neither will all the requirements for the CPAN ClamAV make and install so unless I start running a Virtual PC/Server with Linux instead of Cygwin I am stuck temporarily without ClamAV on those files at receipt time. Let me know if I can help you. -- Herb -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/