From: Thomas E. <Tho...@th...> - 2015-04-21 06:54:25
|
>It would be great if I could prevent these from being delivered. >@Thomas OK - and what is my part? phishing mails should be and can be - 100% content based detected with clamav for example: Fri Mar 06 11:13:24 2015 -> stream(127.0.0.1@1193): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 11:35:04 2015 -> stream(127.0.0.1@1079): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 12:01:45 2015 -> stream(127.0.0.1@1051): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 12:03:16 2015 -> stream(127.0.0.1@1276): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 12:14:08 2015 -> stream(127.0.0.1@1729): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 12:48:41 2015 -> stream(127.0.0.1@2015): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 12:55:57 2015 -> stream(127.0.0.1@1321): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 13:05:22 2015 -> stream(127.0.0.1@1723): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 13:10:46 2015 -> stream(127.0.0.1@1237): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND Fri Mar 06 13:23:26 2015 -> stream(127.0.0.1@1737): Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net FOUND for phishing mails, clamav is working for me 100,00% without any mistake notice: I use additonaly the clamav signatures from http://www.sanesecurity.co.uk with URIBL - in nearly 100% cases clamav detects the same with HMM and/or Bayesian - reporting is required (possibly manualy corpus correction by the admin is required [/assp/errors/spam/newManualyAdded]) - it speedsup learning, if you decrease 'newReportedInterval' Thomas Von: Jean-Pierre van Melis <jp...@mi...> An: ASSP development mailing list <ass...@li...> Datum: 21.04.2015 04:16 Betreff: Re: [Assp-test] Prevent certain domains to be used with amiguous origin (as anti-phishing) @Thomas We are getting more and more phishing mails supposedly coming from banks. It would be great if I could prevent these from being delivered. Cheers -----Oorspronkelijk bericht----- > Afzender:kr...@gm... <mailto:kr...@gm...> <kr...@gm... <mailto:kr...@gm...> > > Verstuurd: Donderdag 9 April 2015 22:18 > Aan: ASSP development mailing list <ass...@li... < mailto:ass...@li...> > > Onderwerp: Re: [Assp-test] Prevent certain domains to be used with amiguous origin (as anti-phishing) > > If that is to complicated then maybe it would be better tomake another > test "assp-style": > ValidateSPF_strict (checks from header instead of mail from, brakes rfc) > spfSpamLovers_strict (spam lovers for above). > and totaly optinaly whiteListedDomains_spf_strict (per recipient > whitelisting with wildcard option) > > I know plenty of users that would be glad to have such test enabled on > their mailboxes (as they don't use mailing list etc). > > 2015-04-03 20:09 GMT+02:00 kr...@gm... <mailto:kr...@gm...> <kr...@gm... <mailto:kr...@gm...> >: > > It would be great if assp would provide a method for enabling spf > > checking on From header (yes, i know, brakes rfc) for specified local > > email mailboxes with a possibility of disabling it for specified > > sender domains > > > > sugestion for new option: > > Additional SPF Check on the Header from for local specified local > > mailboxes and their exeptions: > > file:files/spf-from.txt > > > > lo...@ma... <mailto:lo...@ma...> => * > > lo...@ma... <mailto:lo...@ma...> => exe...@ma... <mailto:exe...@ma...> , exe...@sp... <mailto:exe...@sp...> > > lo...@ma... <mailto:lo...@ma...> => * > > > > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual < http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual> - event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > Assp-test mailing list > Ass...@li... <mailto:Ass...@li...> > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |