Filter messages with harmful links

pili

Member
Jun 21, 2004
6
0
151
Hi to all.

I've been searching for a good way to reduce fishing attempts on my server, I've been receiving a lot of fake webcard, photo galleries and such messages with links to executable content. Users with less technical knowledge may be lured and click on one of those links and get a nasty trojan horse from them.

I searched the forums from inside out, but found no answer. Is there any way on Exim or SpamAssassin to block or rewrite potentially harmful links to executable files on messages? I'm already blocking executable attachments, running antivirus and spam filters..

Thank you,
 

pili

Member
Jun 21, 2004
6
0
151
Thank you

Thank you for the feedback, I'll investigate Mailscanner for this purpose. Another option that came to my mind was to use a regular expression to rewrite the subject for messages with link to executable files while message is being handled by the system. Unfortunately I have no clue on how to do that. :)
 

SageBrian

Well-Known Member
Jun 1, 2002
416
2
318
NY/CT (US)
cPanel Access Level
Root Administrator
Go with the MailScanner option with Chirpy.
It has Phishing scanning built and goes a bit further than just looking for exe links. It also marks links that the html points to locations different from the viewable text.

exampe
text = www.ebay.com
actual html link = http://xxx.xx.xx.xxx/odd_link

'text' does not match 'link' and gets marked as potential phishing attempt (even if it's legit, but nice to have the warning)
 

webignition

Well-Known Member
Jan 22, 2005
1,880
0
166
I'd have to concur with SageBrian here.

For a straightforward solution, and for the peace of mind of knowing it would be done correctly, I'd highly recommand Chirpy's $35 MailScanner package. Its not free, but it is money well well well worth spent.

http://configserver.com/cp/mailscanner.html