Defective entries in phishing.bad.sites.conf

Report bugs and workarounds
Post Reply
paulo88
Posts: 12
Joined: 06 Dec 2017 16:06

Defective entries in phishing.bad.sites.conf

Post by paulo88 » 08 Nov 2018 11:11

Hello,

I noticed that eFa does not use the default MailScanner phishing.bad.sites.conf and phishing.safe.sites.conf.

That itself is not a problem but the phishing.bad.sites.conf has invalid or not working entries.

Most of the entries go like this:

Code: Select all

bad.url.com
But some have ",http:" attached:

Code: Select all

bad.url.com,http:
This seems to make the entry invalid as the definitive fraud is not correctly marked as such.
It is only marked as possible fraud, but when it is in this file it should be definitive.

Even the current online file has these faults: http://dl.efa-project.org/MailScanner/p ... sites.conf

For now I fixed the issue in rewriting the EFA-MA-Update script and adding:

Code: Select all

sed -i 's/,http://g' phishing.bad.sites.conf
But I think it would be better to fix this on the server-side.

Thanks and regards

henk
Posts: 181
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Defective entries in phishing.bad.sites.conf

Post by henk » 08 Nov 2018 22:14

The reason to use the Phishing files from EFA is obvious

E.F.A. Project - MailScanner Bad Phishing Sites ( 40165 sites)
# http://www.efa-project.org
#
# Last update: Wed Nov 7 18:00:04 EST 2018
#
# This file is updated multiple times per day.

http://phishing.mailscanner.info/ (16630 sites)
# Built by Mailborder Systems
# Build Time: Mon, 10 Sep 18 00:15:05 -0400
# https://www.mailborder.com
# Mailborder - Phishing Bad Sites
#

Maybe Shawn would like to comment on this one as paulo88 seems to have a point here. ( 629 sites containing the ,http: extension)

User avatar
darky83
Site Admin
Posts: 525
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Defective entries in phishing.bad.sites.conf

Post by darky83 » 08 Nov 2018 23:26

Try again, created a quick workaround to fix this for now.

it doesn't seem to affect the safe sites list so this should fix it for now, thanks for reporting :)
E.F.A 3.0.2.6 update released

paulo88
Posts: 12
Joined: 06 Dec 2017 16:06

Re: Defective entries in phishing.bad.sites.conf

Post by paulo88 » 09 Nov 2018 07:39

Thank you, that fixed these faulty entries.
Now these FQDNs are correctly marked as definitive fraud.

Thanks for the fast fix.

Post Reply