the unknown phishing link

Posted: 09 Jun 2017 13:02
by thewomble
Just like viruses, there are also zero-day phishing links that have not yet filtered into any URIBL list.

I am trying to get MailScanner/SA, as part of the spam check, to give a score to URLs on certain free hosting web-sites.

In local.cf I have added

body		WOMBLE_FREEWEB	/tripod\.com|freewebs\.com/
score		WOMBLE_FREEWEB	0.1
describe	WOMBLE_FREEWEB	Body contains link to free website hosting domain
I sent an email in with the phishing link http://xc-1-n.tripod.com/, which did not trigger the rule.
So I sent the email in with a "click here" hyperlink to http://xc-1-n.tripod.com/; again it did not trigger the rule.

Are there any SA boffins out there that can help?

I am looking to score *.tripod.com, which would pick up xc-1.tripod.com. We have also had phishing using freewebs.com, so I am looking to add further domains as appropriate.

I am scoring it as 0.1 while I play around, looking to increase it later, maybe to 3, and to create a whitelist rule (if there are any legitimate web-sites). I do not think we will have any, as I have already blocked freewebs.com on our outbound proxy, but I am looking to protect our mobile road warriors, as they do not go via the proxy when out and about.

Re: the unknown phishing link

Posted: 09 Jun 2017 20:24
by shawniverson
Did you run sa-update and sa-compile? Restarted MailScanner?

Re: the unknown phishing link

Posted: 12 Jun 2017 09:59
by pdwalker
Yes, let us know if that worked.

Re: the unknown phishing link

Posted: 12 Jun 2017 13:01
by thewomble
I did do both of those.

I did some more reading and found another example that used rawbody.

I changed
body TRIPOD1 /\.tripod\.com/
to

rawbody     TRIPOD1   /\.tripod\.com/
then compiled and restarted MailScanner. It did not work, so I went to bed; I had a look the following day and found it was working. Is there a cache somewhere?

Re: the unknown phishing link

Posted: 12 Jun 2017 13:05
by thewomble
I did end up using this:

rawbody		WOMBLE_FREEWEB	/tripod\.com|freewebs\.com|wix\.com|ukit\.com/
score		WOMBLE_FREEWEB	4.00
describe	WOMBLE_FREEWEB	Body contains hyperlink to free website hosting domain (phishing?) low security
At least the message is tagged as spam; if it fails other tests it can quite easily reach a score where it is quarantined.
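As an added example for the same problem (not code from the thread, from MailScanner or from SpamAssassin's stock rules), the rules below use SpamAssassin's `uri` rule type instead of `body`/`rawbody`. A `uri` rule is evaluated against every URI SpamAssassin extracts from the message, including the target of an HTML "click here" hyperlink, so it covers both forms tried above, and anchoring the pattern on the host part means it matches xc-1-n.tripod.com but not look-alikes such as nottripod.com or tripod.com.evil.example. The domain list is the one used in the thread; the rule names, the score and the allowed host ourteam.tripod.com are assumptions made for the example.

```text
# Added example local.cf fragment (assumptions: rule names, score and the
# allowed host are mine, not from the original post).

# Hit on any URI whose host is one of the free hosting domains or a
# subdomain of one. Anchored at the start of the URI and terminated by
# ":", "/", "?", "#" or end of string, so "tripod.com.evil.example" and
# "nottripod.com" do not match. Names starting with "__" score nothing on
# their own; they only feed the meta rule below.
uri       __WOMBLE_FREEWEB_URI  /^(?:https?:\/\/)?(?:[^\/?#@]*\.)?(?:tripod|freewebs|wix|ukit)\.com(?:[:\/?#]|$)/i

# Whitelist one legitimate site (hypothetical host) so that mail linking
# to it is not penalised.
uri       __WOMBLE_FREEWEB_OK   /^https?:\/\/(?:www\.)?ourteam\.tripod\.com(?:[:\/?#]|$)/i

# Score only when a free-hosting link is present and it is not the
# whitelisted one.
meta      WOMBLE_FREEWEB_LINK   (__WOMBLE_FREEWEB_URI && !__WOMBLE_FREEWEB_OK)
describe  WOMBLE_FREEWEB_LINK   Link to free website hosting domain (possible phishing)
score     WOMBLE_FREEWEB_LINK   4.0
```

After editing local.cf, run `spamassassin --lint` to catch syntax errors, then feed a saved copy of the phishing message through `spamassassin -t < sample.eml` and look for WOMBLE_FREEWEB_LINK in the tests line before restarting MailScanner (and re-running sa-compile if compiled rules are in use). The pattern deliberately does not handle a userinfo part (http://user@host/), so a URI of the form http://tripod.com@evil.example/ is not matched as a tripod.com link; the host regex of the whitelist rule should be kept as specific as the one site it is meant to allow.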