Discussion:
Phishing Update Service
Jerry Benton
2014-06-21 01:22:49 UTC
Permalink
Ok, I went a little further. There are now updated ?safe? and ?bad? phishing sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140621/a6c2bb79/attachment.html
Rick Cooper
2014-06-22 22:00:20 UTC
Permalink
Could I suggest the following, it will accomidate /opt/MailScanner installs
as well as /etc/MailScanner installs, and it also will not overwright the
files if there is not a successful download. It also leaves the temp file
there if there is an issue. I removed the --no-check-certificate part
because it's not an ssl site so there is no point in the parameter. Of
course this could be greatly shortened by just checking for the files and
creating the links in the same fashion as the directory and if you really
want to be clean

MS_DIR=
If [ -f /opt/MailScanner/etc/phishing.safe.sites.conf ]; then
MS_DIR=/opt/MailScanner/etc/phishing.safe.sites.conf
fi
If [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
MS_DIR=/etc/MailScanner/phishing.safe.sites.conf
Fi

If [ "${MS_DIR}" == "" ]; then
echo phishing.safe.sites.conf cannot be found
echo EXITING
exit 1
fi

Then use MS_DIR in a mv command since there is no chance of over writing a
symlink

#!/bin/bash
# # Mailborder update safe phishing sites
# v4.1.3 # 20 June 2014
# # Run this script as a user with write permissions
# to /etc/MailScanner/phishing.safe.sites.conf
if [ ! -d /etc/MailScanner ]; then
echo etc/MailScanner does not exist, creating it
mkdir /etc/MailScanner
chmod 0644 /etc/MailScanner
fi

if [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
else
echo Linking opt Based MailScanner Files
ln -s /opt/MailScanner/etc/phishing.safe.sites.conf /etc/MailScanner/
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
fi

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
Benton
Sent: Friday, June 20, 2014 9:23 PM
To: MailScanner discussion
Subject: Phishing Update Service


Ok, I went a little further. There are now updated "safe" and "bad" phishing
sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com
Jerry Benton
2014-06-22 22:36:58 UTC
Permalink
Rick,

I will update it later. For now I would suggest just updating the links in the script for you /opt install.

-
Jerry Benton
www.mailborder.com
Post by Rick Cooper
Could I suggest the following, it will accomidate /opt/MailScanner installs
as well as /etc/MailScanner installs, and it also will not overwright the
files if there is not a successful download. It also leaves the temp file
there if there is an issue. I removed the --no-check-certificate part
because it's not an ssl site so there is no point in the parameter. Of
course this could be greatly shortened by just checking for the files and
creating the links in the same fashion as the directory and if you really
want to be clean
MS_DIR=
If [ -f /opt/MailScanner/etc/phishing.safe.sites.conf ]; then
MS_DIR=/opt/MailScanner/etc/phishing.safe.sites.conf
fi
If [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
MS_DIR=/etc/MailScanner/phishing.safe.sites.conf
Fi
If [ "${MS_DIR}" == "" ]; then
echo phishing.safe.sites.conf cannot be found
echo EXITING
exit 1
fi
Then use MS_DIR in a mv command since there is no chance of over writing a
symlink
#!/bin/bash
# # Mailborder update safe phishing sites
# v4.1.3 # 20 June 2014
# # Run this script as a user with write permissions
# to /etc/MailScanner/phishing.safe.sites.conf
if [ ! -d /etc/MailScanner ]; then
echo etc/MailScanner does not exist, creating it
mkdir /etc/MailScanner
chmod 0644 /etc/MailScanner
fi
if [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
else
echo Linking opt Based MailScanner Files
ln -s /opt/MailScanner/etc/phishing.safe.sites.conf /etc/MailScanner/
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
fi
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
Benton
Sent: Friday, June 20, 2014 9:23 PM
To: MailScanner discussion
Subject: Phishing Update Service
Ok, I went a little further. There are now updated "safe" and "bad" phishing
sites once per day. Read more and get the scripts here if you want them.
http://phishing.mailborder.com/
-
Jerry Benton
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/5cb004e4/attachment.html
Rick Cooper
2014-06-22 22:56:04 UTC
Permalink
Oh, I already change the script, I actually have a mix of /opt and redhat
rpm installs

_____

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
Benton
Sent: Sunday, June 22, 2014 6:37 PM
To: MailScanner discussion
Subject: Re: Phishing Update Service


Rick,

I will update it later. For now I would suggest just updating the links in
the script for you /opt install.


-
Jerry Benton
www.mailborder.com



On Jun 23, 2014, at 12:00 AM, Rick Cooper <rcooper at dwford.com> wrote:


Could I suggest the following, it will accomidate /opt/MailScanner installs
as well as /etc/MailScanner installs, and it also will not overwright the
files if there is not a successful download. It also leaves the temp file
there if there is an issue. I removed the --no-check-certificate part
because it's not an ssl site so there is no point in the parameter. Of
course this could be greatly shortened by just checking for the files and
creating the links in the same fashion as the directory and if you really
want to be clean

MS_DIR=
If [ -f /opt/MailScanner/etc/phishing.safe.sites.conf ]; then
MS_DIR=/opt/MailScanner/etc/phishing.safe.sites.conf
fi
If [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
MS_DIR=/etc/MailScanner/phishing.safe.sites.conf
Fi

If [ "${MS_DIR}" == "" ]; then
echo phishing.safe.sites.conf cannot be found
echo EXITING
exit 1
fi

Then use MS_DIR in a mv command since there is no chance of over writing a
symlink

#!/bin/bash
# # Mailborder update safe phishing sites
# v4.1.3 # 20 June 2014
# # Run this script as a user with write permissions
# to /etc/MailScanner/phishing.safe.sites.conf
if [ ! -d /etc/MailScanner ]; then
echo etc/MailScanner does not exist, creating it
mkdir /etc/MailScanner
chmod 0644 /etc/MailScanner
fi

if [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
else
echo Linking opt Based MailScanner Files
ln -s /opt/MailScanner/etc/phishing.safe.sites.conf /etc/MailScanner/
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
fi

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
Benton
Sent: Friday, June 20, 2014 9:23 PM
To: MailScanner discussion
Subject: Phishing Update Service


Ok, I went a little further. There are now updated "safe" and "bad" phishing
sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140622/30768a02/attachment.html
Jerry Benton
2014-06-23 08:10:24 UTC
Permalink
Rick,

Can you email me the complete script you came up with please? Would save me
some time.

-
Jerry Benton
www.mailborder.com



On Jun 23, 2014, at 12:00 AM, Rick Cooper <rcooper at dwford.com
<javascript:_e(%7B%7D,'cvml','rcooper at dwford.com');>> wrote:

Could I suggest the following, it will accomidate /opt/MailScanner installs
as well as /etc/MailScanner installs, and it also will not overwright the
files if there is not a successful download. It also leaves the temp file
there if there is an issue. I removed the --no-check-certificate part
because it's not an ssl site so there is no point in the parameter. Of
course this could be greatly shortened by just checking for the files and
creating the links in the same fashion as the directory and if you really
want to be clean

MS_DIR=
If [ -f /opt/MailScanner/etc/phishing.safe.sites.conf ]; then
MS_DIR=/opt/MailScanner/etc/phishing.safe.sites.conf
fi
If [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
MS_DIR=/etc/MailScanner/phishing.safe.sites.conf
Fi

If [ "${MS_DIR}" == "" ]; then
echo phishing.safe.sites.conf cannot be found
echo EXITING
exit 1
fi

Then use MS_DIR in a mv command since there is no chance of over writing a
symlink

#!/bin/bash
# # Mailborder update safe phishing sites
# v4.1.3 # 20 June 2014
# # Run this script as a user with write permissions
# to /etc/MailScanner/phishing.safe.sites.conf
if [ ! -d /etc/MailScanner ]; then
echo etc/MailScanner does not exist, creating it
mkdir /etc/MailScanner
chmod 0644 /etc/MailScanner
fi

if [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
else
echo Linking opt Based MailScanner Files
ln -s /opt/MailScanner/etc/phishing.safe.sites.conf /etc/MailScanner/
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
fi

________________________________

From: mailscanner-bounces at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner-bounces at lists.mailscanner.info');>
[mailto:mailscanner-bounces at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner-bounces at lists.mailscanner.info');>]
On Behalf Of Jerry
Benton
Sent: Friday, June 20, 2014 9:23 PM
To: MailScanner discussion
Subject: Phishing Update Service


Ok, I went a little further. There are now updated "safe" and "bad" phishing
sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner at lists.mailscanner.info');>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/70c370b7/attachment.html
Steve Basford
2014-06-23 09:27:21 UTC
Permalink
Post by Jerry Benton
Rick,
Can you email me the complete script you came up with please? Would save
me some time.
Hi Rick,

It did occur, script wise...Depending on your resources, cpu vs bandwidth
you could use gzip...

get -S --header="accept-encoding: gzip"

but then with -S option, noted that it's not supported...

HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 09:22:32 GMT
Server: Apache
Last-Modified: Mon, 23 Jun 2014 08:15:04 GMT
Accept-Ranges: bytes
Content-Length: 208113
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Length: 208,113 (203K)

Back to more coffee ;)

Cheers,

Steve
Sanesecurity.com
Jerry Benton
2014-06-23 10:26:05 UTC
Permalink
Steve,

The server was not compressing that file for some reason. It is now.

-
Jerry Benton
www.mailborder.com
Post by Steve Basford
Post by Jerry Benton
Rick,
Can you email me the complete script you came up with please? Would save
me some time.
Hi Rick,
It did occur, script wise...Depending on your resources, cpu vs bandwidth
you could use gzip...
get -S --header="accept-encoding: gzip"
but then with -S option, noted that it's not supported...
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 09:22:32 GMT
Server: Apache
Last-Modified: Mon, 23 Jun 2014 08:15:04 GMT
Accept-Ranges: bytes
Content-Length: 208113
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Length: 208,113 (203K)
Back to more coffee ;)
Cheers,
Steve
Sanesecurity.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/7132d431/attachment.html
Rick Cooper
2014-06-23 17:44:57 UTC
Permalink
I am going to be tied up tight for a while, had a major server drop and am
placing the backup as I type so I dunno how long I am going to be with a new
template server and data backups

_____

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry
Benton
Sent: Monday, June 23, 2014 4:10 AM
To: MailScanner discussion
Subject: Phishing Update Service


Rick,

Can you email me the complete script you came up with please? Would save me
some time.


-
Jerry Benton
www.mailborder.com



On Jun 23, 2014, at 12:00 AM, Rick Cooper <rcooper at dwford.com
<javascript:_e(%7B%7D,'cvml','rcooper at dwford.com');> > wrote:


Could I suggest the following, it will accomidate /opt/MailScanner installs
as well as /etc/MailScanner installs, and it also will not overwright the
files if there is not a successful download. It also leaves the temp file
there if there is an issue. I removed the --no-check-certificate part
because it's not an ssl site so there is no point in the parameter. Of
course this could be greatly shortened by just checking for the files and
creating the links in the same fashion as the directory and if you really
want to be clean

MS_DIR=
If [ -f /opt/MailScanner/etc/phishing.safe.sites.conf ]; then
MS_DIR=/opt/MailScanner/etc/phishing.safe.sites.conf
fi
If [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
MS_DIR=/etc/MailScanner/phishing.safe.sites.conf
Fi

If [ "${MS_DIR}" == "" ]; then
echo phishing.safe.sites.conf cannot be found
echo EXITING
exit 1
fi

Then use MS_DIR in a mv command since there is no chance of over writing a
symlink

#!/bin/bash
# # Mailborder update safe phishing sites
# v4.1.3 # 20 June 2014
# # Run this script as a user with write permissions
# to /etc/MailScanner/phishing.safe.sites.conf
if [ ! -d /etc/MailScanner ]; then
echo etc/MailScanner does not exist, creating it
mkdir /etc/MailScanner
chmod 0644 /etc/MailScanner
fi

if [ -f /etc/MailScanner/phishing.safe.sites.conf ]; then
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
else
echo Linking opt Based MailScanner Files
ln -s /opt/MailScanner/etc/phishing.safe.sites.conf /etc/MailScanner/
/usr/bin/wget -O /tmp/phishing.safe.sites.conf
http://phishing.mailborder.com/phishing.safe.sites.conf
ERR_CODE=$?
if [ "$ERR_CODE" == "0" ]; then
cp -f /tmp/phishing.safe.sites.conf
/etc/MailScanner/phishing.safe.sites.conf
chmod 0644 /etc/MailScanner/phishing.bad.sites.conf
rm -f /tmp/phishing.safe.sites.conf
else
echo Had a problem downloading phishing.safe.sites.conf error code was
$ERR_CODE
fi
fi

________________________________

From: mailscanner-bounces at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner-bounces at lists.mailscanner.info');>

[mailto:mailscanner-bounces at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner-bounces at lists.mailscanner.info');>
] On Behalf Of Jerry
Benton
Sent: Friday, June 20, 2014 9:23 PM
To: MailScanner discussion
Subject: Phishing Update Service


Ok, I went a little further. There are now updated "safe" and "bad" phishing
sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<javascript:_e(%7B%7D,'cvml','mailscanner at lists.mailscanner.info');>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
--

Jerry Benton

Mailborder Systems
www.mailborder.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/723884ea/attachment-0001.html
Randal, Phil
2014-06-23 08:53:22 UTC
Permalink
Hi Jerry,

You need to look at the original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites.

The retrieved content was merged with the user's file, which may have been edited to add locally whitelisted / blacklisted URLs.

Your script just clobbers the files.

Bad move!

Phil



From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 June 2014 02:23
To: MailScanner discussion
Subject: Phishing Update Service

Ok, I went a little further. There are now updated "safe" and "bad" phishing sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/dc037fcf/attachment.html
Jerry Benton
2014-06-23 09:58:33 UTC
Permalink
Phil,

If you would like to contribute a better update script, I will be happy to add it. You could also just update your current script to point to the one at phishing.mailborder.com. Alternatively, you can continue to use the current MailScanner default.

In short, I am the only one actively contributing to the MailScanner project with time, resources, and funds at the moment. If you have a better solution, give it to me or send it to this list. Simply telling me ?it sucks? doesn?t really accomplish or improve anything.

-
Jerry Benton
www.mailborder.com
Post by Randal, Phil
Hi Jerry,
You need to look at the original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites.
The retrieved content was merged with the user?s file, which may have been edited to add locally whitelisted / blacklisted URLs.
Your script just clobbers the files.
Bad move!
Phil
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 June 2014 02:23
To: MailScanner discussion
Subject: Phishing Update Service
Ok, I went a little further. There are now updated ?safe? and ?bad? phishing sites once per day. Read more and get the scripts here if you want them.
http://phishing.mailborder.com/
-
Jerry Benton
www.mailborder.com
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE
"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it." --
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/856fd2cc/attachment.html
Randal, Phil
2014-06-23 13:53:15 UTC
Permalink
Hi Jerry,

If and when I get the time, I shall.

But in the meantime people might get upset finding that their fine-tuned rules have been clobbered.

Personally, I wish MailScanner had been designed to have system and 'local' phishing files, with the latter taking precedence, so that the system files are just plain downloads.

Retrofitting that concept would probably break things for everyone, so we're stuck with a compromise.

Cheers,

Phil


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 June 2014 10:59
To: MailScanner discussion
Subject: Re: Phishing Update Service

Phil,

If you would like to contribute a better update script, I will be happy to add it. You could also just update your current script to point to the one at phishing.mailborder.com<http://phishing.mailborder.com>. Alternatively, you can continue to use the current MailScanner default.

In short, I am the only one actively contributing to the MailScanner project with time, resources, and funds at the moment. If you have a better solution, give it to me or send it to this list. Simply telling me "it sucks" doesn't really accomplish or improve anything.

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Jun 23, 2014, at 10:53 AM, Randal, Phil <phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>> wrote:


Hi Jerry,

You need to look at the original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites.

The retrieved content was merged with the user's file, which may have been edited to add locally whitelisted / blacklisted URLs.

Your script just clobbers the files.

Bad move!

Phil



From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 June 2014 02:23
To: MailScanner discussion
Subject: Phishing Update Service

Ok, I went a little further. There are now updated "safe" and "bad" phishing sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it." --
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/52da1e3c/attachment.html
Jerry Benton
2014-06-23 14:54:52 UTC
Permalink
I was thinking about your comments and considering an option, which would be to have a custom rules file that get prepended to those that are automatically generated.

Example: custom.phishing.bad.sites.conf would get appended or prepended to phishing.bad.sites.conf by the update script. In this way your custom items would never be overwritten.

I am looking into it.

-
Jerry Benton
www.mailborder.com
Post by Randal, Phil
Hi Jerry,
If and when I get the time, I shall.
But in the meantime people might get upset finding that their fine-tuned rules have been clobbered.
Personally, I wish MailScanner had been designed to have system and ?local? phishing files, with the latter taking precedence, so that the system files are just plain downloads.
Retrofitting that concept would probably break things for everyone, so we?re stuck with a compromise.
Cheers,
Phil
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 June 2014 10:59
To: MailScanner discussion
Subject: Re: Phishing Update Service
Phil,
If you would like to contribute a better update script, I will be happy to add it. You could also just update your current script to point to the one at phishing.mailborder.com. Alternatively, you can continue to use the current MailScanner default.
In short, I am the only one actively contributing to the MailScanner project with time, resources, and funds at the moment. If you have a better solution, give it to me or send it to this list. Simply telling me ?it sucks? doesn?t really accomplish or improve anything.
-
Jerry Benton
www.mailborder.com
Hi Jerry,
You need to look at the original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites.
The retrieved content was merged with the user?s file, which may have been edited to add locally whitelisted / blacklisted URLs.
Your script just clobbers the files.
Bad move!
Phil
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 June 2014 02:23
To: MailScanner discussion
Subject: Phishing Update Service
Ok, I went a little further. There are now updated ?safe? and ?bad? phishing sites once per day. Read more and get the scripts here if you want them.
http://phishing.mailborder.com/
-
Jerry Benton
www.mailborder.com
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE
"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it." --
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/23bf843c/attachment.html
Randal, Phil
2014-06-23 16:11:01 UTC
Permalink
The original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites already had the correct logic in them.

We'd have to check the MailScanner logic to see how it handles duplicates which could result from a simple append.

Cheers,

Phil

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 June 2014 15:55
To: MailScanner discussion
Subject: Re: Phishing Update Service

I was thinking about your comments and considering an option, which would be to have a custom rules file that get prepended to those that are automatically generated.

Example: custom.phishing.bad.sites.conf would get appended or prepended to phishing.bad.sites.conf by the update script. In this way your custom items would never be overwritten.

I am looking into it.

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Jun 23, 2014, at 3:53 PM, Randal, Phil <phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>> wrote:


Hi Jerry,

If and when I get the time, I shall.

But in the meantime people might get upset finding that their fine-tuned rules have been clobbered.

Personally, I wish MailScanner had been designed to have system and 'local' phishing files, with the latter taking precedence, so that the system files are just plain downloads.

Retrofitting that concept would probably break things for everyone, so we're stuck with a compromise.

Cheers,

Phil


From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 23 June 2014 10:59
To: MailScanner discussion
Subject: Re: Phishing Update Service

Phil,

If you would like to contribute a better update script, I will be happy to add it. You could also just update your current script to point to the one at phishing.mailborder.com<http://phishing.mailborder.com/>. Alternatively, you can continue to use the current MailScanner default.

In short, I am the only one actively contributing to the MailScanner project with time, resources, and funds at the moment. If you have a better solution, give it to me or send it to this list. Simply telling me "it sucks" doesn't really accomplish or improve anything.

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



On Jun 23, 2014, at 10:53 AM, Randal, Phil <phil.randal at hoopleltd.co.uk<mailto:phil.randal at hoopleltd.co.uk>> wrote:



Hi Jerry,

You need to look at the original /usr/sbin/update_phishing_sites and /usr/sbin/update_bad_phishing_sites.

The retrieved content was merged with the user's file, which may have been edited to add locally whitelisted / blacklisted URLs.

Your script just clobbers the files.

Bad move!

Phil



From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 21 June 2014 02:23
To: MailScanner discussion
Subject: Phishing Update Service

Ok, I went a little further. There are now updated "safe" and "bad" phishing sites once per day. Read more and get the scripts here if you want them.

http://phishing.mailborder.com/



-
Jerry Benton
www.mailborder.com<http://www.mailborder.com/>



Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it." --
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140623/3b018ac9/attachment.html
Loading...