
Defective entries in phishing.bad.sites.conf

Posted: 08 Nov 2018 11:11
by paulo88
Hello,

I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.

That in itself is not a problem, but phishing.bad.sites.conf has invalid or non-working entries.

Most of the entries go like this:

bad.url.com

But some have ",http:" attached:

bad.url.com,http:

This seems to make the entry invalid as the definitive fraud is not correctly marked as such.
It is only marked as possible fraud, but when it is in this file it should be definitive.

Even the current online file has these faults: http://dl.efa-project.org/MailScanner/p ... sites.conf

For now I fixed the issue by rewriting the EFA-MA-Update script and adding:

sed -i 's/,http://g' phishing.bad.sites.conf

But I think it would be better to fix this on the server side.

Thanks and regards
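
Added example, not part of the original post and not eFa project code: a shell check in the spirit of the sed workaround above. It counts the ",http:" entries, strips the suffix (anchored to end of line, unlike the sed above), and refuses to install a list that still contains non-hostname lines. The function names, the sample hostnames and the assumed file format (one hostname per line, # comments) are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not eFa project code. Assumed format: one bare hostname
# per line; '#' comment lines and blank lines are allowed.

# Count entries that carry the trailing ",http:" residue.
count_suffixed() {
    grep -c ',http:$' "$1" || true    # grep -c exits 1 when the count is 0
}

# Emit the list with the residue stripped (anchored to end of line).
strip_suffix() {
    sed 's/,http:$//' "$1"
}

# Count cleaned, non-comment entries that are still not a plain hostname.
count_invalid() {
    strip_suffix "$1" \
        | grep -v -e '^#' -e '^[[:space:]]*$' \
        | grep -c -v -E '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' || true
}

# Replace the live list only if every entry validates; otherwise keep it.
install_clean_list() {
    src=$1; dst=$2
    bad=$(count_invalid "$src")
    if [ "$bad" -ne 0 ]; then
        echo "refusing to install: $bad invalid entries in $src" >&2
        return 1
    fi
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    strip_suffix "$src" > "$tmp" && mv "$tmp" "$dst"
}

# Constructed sample input (reserved example hostnames, not real entries).
make_sample() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample list' 'bad.example.com' \
        'phish.example.net,http:' 'login.example.org,http:' \
        'fraud.example.com' > "$f"
    echo "$f"
}

sample=$(make_sample)
echo "entries with ,http: suffix: $(count_suffixed "$sample")"
install_clean_list "$sample" "$sample.clean" && cat "$sample.clean"
rm -f "$sample" "$sample.clean"
```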

Re: Defective entries in phishing.bad.sites.conf

Posted: 08 Nov 2018 22:14
by henk
The reason to use the phishing files from EFA is obvious:

E.F.A. Project - MailScanner Bad Phishing Sites ( 40165 sites)
# http://www.efa-project.org
#
# Last update: Wed Nov 7 18:00:04 EST 2018
#
# This file is updated multiple times per day.

http://phishing.mailscanner.info/ (16630 sites)
# Built by Mailborder Systems
# Build Time: Mon, 10 Sep 18 00:15:05 -0400
# https://www.mailborder.com
# Mailborder - Phishing Bad Sites
#

Maybe Shawn would like to comment on this one, as paulo88 seems to have a point here (629 sites containing the ,http: extension).

Re: Defective entries in phishing.bad.sites.conf

Posted: 08 Nov 2018 23:26
by darky83
Try again, created a quick workaround to fix this for now.

It doesn't seem to affect the safe sites list, so this should fix it for now. Thanks for reporting :)

Re: Defective entries in phishing.bad.sites.conf

Posted: 09 Nov 2018 07:39
by paulo88
Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.

Thanks for the fast fix.