[Mimedefang] MIME-tools 5.420 is available

2006-03-17 Thread David F. Skoll
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MIME-tools 5.420 is at http://www.mimedefang.org/node.php?id=1 and will soon appear on CPAN. It fixes a regression introduced in 5.419 that could break quoted-printable encoded attachments. Regards, David. -BEGIN PGP SIGNATURE- Version

Re: Re[2]: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread Kevin A. McGrail
Fred: It was on the commit notice: (try out a number of different HTTPS_HTTP_MISMATCH anti-phishing rules -- found a version that has a good hit rate! thanks to Fred Tarasevicius for leading to th) Sorry if this was supposed to be private. Assumed it was public info from the commit but not 100%

Re: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread Kenneth Porter
On Friday, March 17, 2006 1:17 PM -0500 "David F. Skoll" <[EMAIL PROTECTED]> wrote: A differing protocol is no excuse. This kind of nonsense just encourages phishing. If you really need a redirector, then make it use https: also. Or don't put the link as text; just use "Click Here" or somethi

Re[2]: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread Fred Tarasevicius
Hello Kevin, Friday, March 17, 2006, 1:13:02 PM, you wrote: > However, just today or yesterday there was a new rule that did an eval test > and some num of link proportions that I'm looking forward to seeing results > from. It was an idea from Fred Tarasevicius. Yes it was me helping with ideas

Re: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread David F. Skoll
Kevin A. McGrail wrote: > For example, I receive a wide variety > of news aggregation, press releases, etc. I'm seeing them use shortened URLs > ala tinyurl that differ from the URL text / protocol. A differing protocol is no excuse. This kind of nonsense just encourages phishing. If you really

Re: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread Kevin A. McGrail
I've been working on this one closely as well and believe the problem is definitely not solveable with a rule NOR is it even a legitimate test without more parameters (see below). For example, I receive a wide variety of news aggregation, press releases, etc. I'm seeing them use shortened URLs ala

Re: [Mimedefang] [OT] Fw: Interesting Phishing Trick

2006-03-17 Thread David F. Skoll
Kevin A. McGrail wrote: > After testing and researching this rule for a few days, I found it has > pretty high FPs almost always on legitimate advertisements and mailing lists > as well as aggregated news reports. A lot of them seem to use url > shortening techniques ala tinyurl that cause this i

Re: [Mimedefang] [OT] Fw: Interesting Phishing Trick

2006-03-17 Thread Kevin A. McGrail
David: After testing and researching this rule for a few days, I found it has pretty high FPs almost always on legitimate advertisements and mailing lists as well as aggregated news reports. A lot of them seem to use url shortening techniques ala tinyurl that cause this issue to rear it's head. I

Re: [Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick

2006-03-17 Thread Kenneth Porter
Saw this cross the SpamAssassin list today: Apparently a lot of legitimate mail has anchors with HTTP/HTTPS mismatch between the URL in the anchor's href and the URL in the body of the anchor. I thought that instead of rejecting poo

[Mimedefang] Modify $0 or use setproctitle in the slaves.

2006-03-17 Thread Martin Blapp
Hi all, I'd like to change $0 in the mimedefang filter to display in ps the subroutine/place where mimedefang is working in. After I've changed it a bit, the proctitle had changed but the slaves didn't do any filtering and where just sitting there. It the proctitle cmdline used elsewhere, does