Safe Browsing (was: SeaMonkey is overly parranoid and has inadequate error message)

2012-09-13 Thread Philip Chee
On Thu, 13 Sep 2012 07:23:26 -0500, Richard Owlett wrote:

> For more than a half century I've been a learn by experiment 
> learner. Before posting my initial message I had looked at 
> headers of messages that were tagged as possible scam and 
> those which were not. I spotted no difference. Afterwards I 
> did a little more experimentation to determine exactly what 
> SeaMonkey found objectionable.
> 
> SeaMonkey thinks the existence of a numeric URL in the body 
> of a message indicates a possible scam.
> 
> After reading your post, I sent myself two one line 
> messages. The body of one was "www.example.com". The body of 
> the other was "http://1.2.3.4";. [Obviously without quotation 
> marks]
> 
> [Note to new users following this thread - You can see the 
> complete headers either by using CNTRL-U while reading the 
> message or by a Right-click in message body and choosing 
> "Forward" in the menu.]

Currently our scam detection is a hard coded piece of code that looks
for a limited number of patterns including URLs using numeric IPs
e.g."http://1.2.3.4";. Thunderbird's code was originally similar but they
moved long ago to use the Firefox/Google "Safe Browsing" API. This
downloads regular updates from Google's safe browsing servers.

At the moment Thunderbird is using a very old version of the Firefox
code. I plan look into implementing Safe Browsing in SeaMonkey once the
large chunk of non Firefox specific SB code is moved into a shared
location (Bug 778608).

Your references:

Bug 477718 - Implement Phishing Protection (a.k.a. Safe Browsing)
support in SeaMonkey.
Bug 769960 - Refactor the terrifying code in nsSafebrowsingApplication.js.
Bug 778608 - Move SafeBrowsing.jsm to toolkit.
Bug 778611 - TB/SM should use toolkit SafeBrowsing code.

Phil

-- 
Philip Chee , 
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: Unresolved 6 year old BUG - was [Re: SeaMonkey is overly parranoid and has inadequate error message]

2012-09-13 Thread Richard Owlett

Philip TAYLOR wrote:



Richard Owlett wrote:


The second lists 15 related bugs. I'm not yet familiar
enough with
Bugzilla to be able to say if they are being worked on.


Assigned To: Nobody; OK to take it and work on it

Philip Taylor


Contents of the "Assigned To:" field is not a true 
representation of how much work is being done on a 
particular problem. That appears much more to be an 
administrative tag regarding responsibility having been 
assigned to a particular person or group.


The contents of the Comment fields are more indicative of 
work being done on the problem.


Bug 654502 list 15 related bugs. I used Bugzilla's search 
function and came up with 38. There is only partial overlap 
between the lists. I can see "Assigned To:" remaining as 
"Nobody; OK to take it and work on it" forever (even when 
resolved). It's the nature of volunteer group efforts.




___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: Unresolved 6 year old BUG - was [Re: SeaMonkey is overly parranoid and has inadequate error message]

2012-09-13 Thread Philip TAYLOR



Richard Owlett wrote:


The second lists 15 related bugs. I'm not yet familiar enough with
Bugzilla to be able to say if they are being worked on.


Assigned To:Nobody; OK to take it and work on it

Philip Taylor
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Unresolved 6 year old BUG - was [Re: SeaMonkey is overly parranoid and has inadequate error message]

2012-09-13 Thread Richard Owlett
Did some more searching. There are at least 2 bugs reports 
covering this problem.


   324820 filed 2006-01-26 -- Summary: 	"might be an email 
scam" warning needs to explain how detected
   654502 filed 2011-05-03 -- Summary:  Tracking bug for 
improvements of Thunderbird's scam / phishing detection and ...


The second lists 15 related bugs. I'm not yet familiar 
enough with Bugzilla to be able to say if they are being 
worked on.



Richard Owlett wrote:

My ISP (small local firm) provides spam and virus filters on
all email accounts.
They use software from www.barracudanetworks.com .

I have two problems with SeaMonkey's response to messages
from my ISP that there are emails in my quarantine folder.

1. SeaMonkey flags all these messages as a possible scam.
The messages are in HTML and have a link to click through to
my quarantined message and to page to modify my preferences.
2. When I click on any of the links I receive a warning
message that the URL is numeric.

How can I "white list" these messages and that specific URL?
Each incoming notification does have a button for "Not a
scam". But that only deletes the warning for that specific
notification, not the next one from my ISP :<


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: SeaMonkey is overly parranoid and has inadequate error message

2012-09-13 Thread Richard Owlett

Bill Davidsen wrote:

Richard Owlett wrote:

My ISP (small local firm) provides spam and virus filters
on all email accounts.
They use software from www.barracudanetworks.com .

I have two problems with SeaMonkey's response to messages
from my ISP that there
are emails in my quarantine folder.

1. SeaMonkey flags all these messages as a possible scam.
The messages are in
HTML and have a link to click through to my quarantined
message and to page to
modify my preferences.
2. When I click on any of the links I receive a warning
message that the URL is
numeric.

How can I "white list" these messages and that specific URL?
Each incoming notification does have a button for "Not a
scam". But that only
deletes the warning for that specific notification, not
the next one from my ISP :<


I will give you some hints, but because (a) you use Windows,
and (b) you undoubtedly don't run your own mail server, I
can't give you step by step instructions. This info from my
notes.

The "scam" stuff is set in a header line in the message
seemingly added by SM. It's one of the X-Mozilla-Status
lines. If the message looks like a scam a bit will be set
for the message, clear the bit to make the warning go away.
In my case I simply added the flag lines in my custom perl
mail filter which works with spamassassin to preprocess
mail. How you do it is up to you, if you're a programmer and
want to play with the mail file wherever SM puts them in
Windows, go to it and share your results.

I suspect this will help with understanding more than
solution, but there it is.



Sorry. You are in error ;)

For more than a half century I've been a learn by experiment 
learner. Before posting my initial message I had looked at 
headers of messages that were tagged as possible scam and 
those which were not. I spotted no difference. Afterwards I 
did a little more experimentation to determine exactly what 
SeaMonkey found objectionable.


SeaMonkey thinks the existence of a numeric URL in the body 
of a message indicates a possible scam.


After reading your post, I sent myself two one line 
messages. The body of one was "www.example.com". The body of 
the other was "http://1.2.3.4";. [Obviously without quotation 
marks]


[Note to new users following this thread - You can see the 
complete headers either by using CNTRL-U while reading the 
message or by a Right-click in message body and choosing 
"Forward" in the menu.]


The results are below with some personally identifiable info 
--deleted-- .


*MESSAGE 1*

From - Thu Sep 13 06:18:28 2012
X-Account-Key: account2
X-UIDL:  --deleted--
X-Mozilla-Status: 0001
X-Mozilla-Status2: 
X-Mozilla-Keys: 


Return-Path: 
Received:  --deleted--
Message-ID:  --deleted--
Date: Thu, 13 Sep 2012 06:17:55 -0500
From: Richard Owlett 
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) 
Gecko/20120826 Firefox/15.0 SeaMonkey/2.12

MIME-Version: 1.0
To: Richard Owlett 
Subject: test scam2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-SmarterMail-TotalSpamWeight: 0 (Authenticated)

www.example.com

From - Thu Sep 13 06:16:31 2012
X-Account-Key: account2
X-UIDL:  --deleted--
X-Mozilla-Status: 0001
X-Mozilla-Status2: 
X-Mozilla-Keys: 


Return-Path: 
Received:  --deleted--
Message-ID:  --deleted--
Date: Thu, 13 Sep 2012 06:16:13 -0500
From: Richard Owlett 
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) 
Gecko/20120826 Firefox/15.0 SeaMonkey/2.12

MIME-Version: 1.0
To: Richard Owlett 
Subject: test scam1
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-SmarterMail-TotalSpamWeight: 0 (Authenticated)

http://1.2.3.4

*MESSAGE 2*

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: SeaMonkey is overly parranoid and has inadequate error message

2012-09-13 Thread Philip TAYLOR



Lucas Levrel a écrit :


Le 12 septembre 2012, Richard Owlett a écrit :


My ISP (small local firm) provides spam and virus filters on all email
accounts.


If these filters are enough, you can disable SM's junk filtering
altogether for that account.


I am not convinced that Seamonkey flagging something as
a suspected e-mail scam ("Seamonkey thinks this message
might be an email scam") has anything to do with its
junk filtering at all; they appear to be orthogonal.

Philip Taylor
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: SeaMonkey is overly parranoid and has inadequate error message

2012-09-13 Thread Lucas Levrel

Le 12 septembre 2012, Richard Owlett a écrit :

My ISP (small local firm) provides spam and virus filters on all email 
accounts.


If these filters are enough, you can disable SM's junk filtering 
altogether for that account.


--
LL
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: SeaMonkey is overly parranoid and has inadequate error message

2012-09-12 Thread Bill Davidsen

Richard Owlett wrote:

My ISP (small local firm) provides spam and virus filters on all email accounts.
They use software from www.barracudanetworks.com .

I have two problems with SeaMonkey's response to messages from my ISP that there
are emails in my quarantine folder.

1. SeaMonkey flags all these messages as a possible scam. The messages are in
HTML and have a link to click through to my quarantined message and to page to
modify my preferences.
2. When I click on any of the links I receive a warning message that the URL is
numeric.

How can I "white list" these messages and that specific URL?
Each incoming notification does have a button for "Not a scam". But that only
deletes the warning for that specific notification, not the next one from my ISP 
:<

I will give you some hints, but because (a) you use Windows, and (b) you 
undoubtedly don't run your own mail server, I can't give you step by step 
instructions. This info from my notes.


The "scam" stuff is set in a header line in the message seemingly added by SM. 
It's one of the X-Mozilla-Status lines. If the message looks like a scam a bit 
will be set for the message, clear the bit to make the warning go away. In my 
case I simply added the flag lines in my custom perl mail filter which works 
with spamassassin to preprocess mail. How you do it is up to you, if you're a 
programmer and want to play with the mail file wherever SM puts them in Windows, 
go to it and share your results.


I suspect this will help with understanding more than solution, but there it is.

--
Bill Davidsen 
  We are not out of the woods yet, but we know the direction and have
taken the first step. The steps are many, but finite in number, and if
we persevere we will reach our destination.  -me, 2010


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


Re: SeaMonkey is overly parranoid and has inadequate error message

2012-09-12 Thread Philip TAYLOR



Richard Owlett wrote:


My ISP (small local firm) provides spam and virus filters on all
email accounts. They use software from www.barracudanetworks.com .

I have two problems with SeaMonkey's response to messages from my ISP
that there are emails in my quarantine folder.

1. SeaMonkey flags all these messages as a possible scam. The
messages are in HTML and have a link to click through to my
quarantined message and to page to modify my preferences.


Same here : my college uses "Webroot Email security service" and no
matter how many times I tell Seamonkey "Not a scam", it never learns.

Philip Taylor
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey


SeaMonkey is overly parranoid and has inadequate error message

2012-09-12 Thread Richard Owlett
My ISP (small local firm) provides spam and virus filters on 
all email accounts.

They use software from www.barracudanetworks.com .

I have two problems with SeaMonkey's response to messages 
from my ISP that there are emails in my quarantine folder.


1. SeaMonkey flags all these messages as a possible scam. 
The messages are in HTML and have a link to click through to 
my quarantined message and to page to modify my preferences.
2. When I click on any of the links I receive a warning 
message that the URL is numeric.


How can I "white list" these messages and that specific URL?
Each incoming notification does have a button for "Not a 
scam". But that only deletes the warning for that specific 
notification, not the next one from my ISP :<


___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey