Defective entries in phishing.bad.sites.conf

Report bugs and workarounds
Post Reply
paulo88
Posts: 12
Joined: 06 Dec 2017 16:06

Defective entries in phishing.bad.sites.conf

Post by paulo88 »

Hello,

I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.

That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries.

Most of the entries go like this:

Code: Select all

bad.url.com
But some have ",http:" attached:

Code: Select all

bad.url.com,http:
This seems to make the entry invalid as the definitive fraud is not correctly marked as such.
It is only marked as possible fraud, but when it is in this file it should be definitive.

Even the current online file has these faults: http://dl.efa-project.org/MailScanner/p ... sites.conf

For now I fixed the issue in rewriting the EFA-MA-Update script and adding:

Code: Select all

sed -i 's/,http://g' phishing.bad.sites.conf
But I think it would be better to fix this on the server-side.

Thanks and regards
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Defective entries in phishing.bad.sites.conf

Post by henk »

The reason to use the Phishing files from EFA is obvious

E.F.A. Project - MailScanner Bad Phishing Sites ( 40165 sites)
# http://www.efa-project.org
#
# Last update: Wed Nov 7 18:00:04 EST 2018
#
# This file is updated multiple times per day.

http://phishing.mailscanner.info/ (16630 sites)
# Built by Mailborder Systems
# Build Time: Mon, 10 Sep 18 00:15:05 -0400
# https://www.mailborder.com
# Mailborder - Phishing Bad Sites
#

Maybe Shawn would like to comment on this one as paulo88 seems to have a point here. ( 629 sites containing the ,http: extension)
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
User avatar
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Defective entries in phishing.bad.sites.conf

Post by darky83 »

Try again, created a quick workaround to fix this for now.

it doesn't seem to affect the safe sites list so this should fix it for now, thanks for reporting :)
Version eFa 4.x now available!
paulo88
Posts: 12
Joined: 06 Dec 2017 16:06

Re: Defective entries in phishing.bad.sites.conf

Post by paulo88 »

Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.

Thanks for the fast fix.
Post Reply