Filter messages with harmful links

Discussion in 'General Discussion' started by pili, Jun 2, 2005.

  1. pili

    Hi to all.

    I've been searching for a good way to reduce phishing attempts on my server. I've been receiving a lot of fake webcard, photo gallery and similar messages with links to executable content. Users with less technical knowledge may be lured into clicking one of those links and get a nasty trojan horse from them.

    I searched the forums from inside out, but found no answer. Is there any way in Exim or SpamAssassin to block or rewrite potentially harmful links to executable files in messages? I'm already blocking executable attachments and running antivirus and spam filters.

    Thank you,
     
  2. chirpy

  3. pili

    Thank you

    Thank you for the feedback, I'll investigate MailScanner for this purpose. Another option that came to my mind was to use a regular expression to rewrite the subject for messages with links to executable files while the message is being handled by the system. Unfortunately I have no clue how to do that. :)
     
  4. SageBrian

    Go with the MailScanner option with Chirpy.
    It has phishing scanning built in and goes a bit further than just looking for exe links. It also marks links where the HTML points to a location different from the viewable text.

    Example:
    text = www.ebay.com
    actual html link = http://xxx.xx.xx.xxx/odd_link

    'text' does not match 'link' and gets marked as potential phishing attempt (even if it's legit, but nice to have the warning)
     
  5. webignition

    I'd have to concur with SageBrian here.

    For a straightforward solution, and for the peace of mind of knowing it would be done correctly, I'd highly recommend Chirpy's $35 MailScanner package. It's not free, but it is money well well well worth spent.

    http://configserver.com/cp/mailscanner.html
     