> Thanks - I'm running ClamAV but what I'm trying to block > isn't viruses.
First this is an INTERESTING effort you are making and I would like to be kept informed of your progress. But please allow a clarification: Those suggesting ClamAV are referring to the apparently fact that ClamAV goes beyond pure "virus scanning" and is also checking for some of these phishing scams. It may or may not do all that you wish -- or you may do well to inform the ClamAV signature developers of your results... > I'm trying to block phishing attempts where the users are > tricked into giving up their account info. I did find a list > and typed in the biggest names. Cool. The most interesting result would be mechanisms for distinguishing valid emails from invalid ones and malicious emails. Here are some more (decent) leads: Anti-Phishing Working Group http://www.antiphishing.org/ Anti-Phishing Working Group Phishing Archive http://www.antiphishing.org/phishing_archive.html (nice list with subject lines easily extractable) Herb Martin [EMAIL PROTECTED] http://LearnQuick.Com Accelerated MCSE in a Week Seminars > 2checkout.com > 2co.com > amazon.com > banknorth.com > bankofamerica.com > bankofoklahoma.com > bankofthewest.com > barclays.co.uk > capitalone.com > charteronebank.com > charterone.com > citibank.com > citizensbank.com > commercebank.com > ebay.com > e-gold.com > fleetbank.com > hsbc.co.uk > huntington.com > keybank.com > lasallebank.com > lloydstsb.co.uk > mbna.com > paypal.com > regionsbank.com > smithbarney.com > southtrust.com > suntrust.com > tcfbank.com > unionplanters.com > usbank.com > visa.com > wamu.com > wellsfargo.com > This is the ACL I'm testing it with - but I hope to change > the warn into a drop. > > warn message = X-Verify-failure: Sender domain does not match > received hosts! $sender_address_domain > log_message = Fraud - Sender domain does not match > received hosts! > $sender_address_domain > senders = [EMAIL PROTECTED];/etc/exim/run/verifylist.db > !condition = ${if > match{$h_Received:}{$sender_address_domain}{true}{false}} > > The idea is that if the sender is in this list then I compare > the senders domain to the received lines and if it doesn't > match - it's phishing. It should catch a lot of it. > > > Odhiambo G. Washington wrote: > > >* Marc Perkel <[EMAIL PROTECTED]> [20050630 00:42]: wrote: > > > > > >Hi Marc, > > > >I looked at my rejectlog and found these mentions: southtrust.com > >gte.net lasallebank.com - rejectlog because clamav detected and > >rejected them. > >So you'd be better of running ClamAv as your malware scanner. > >No need to reinvent a wheel, but yeah, if you believe yours will be > >better, then why not? ;) > > > > > > > -- > ## List details at http://www.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://www.exim.org/eximwiki/ > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
