Re: .edu email phishing

[Martin Manjak <mm376 () ALBANY EDU>]

Not to muddy the waters, but we starting using these signatures at the
beginning of March and I haven't had any problems receiving messages on
this list. The sigs do catch a lot of garbage, but we're still getting
the phishing emails.
M-

Mike Iglesias wrote:
> Dave Koontz wrote:
> > Tim, if you are running Barracuda (Spam Assassin) with ClamAV, check
> > out Sane Security's Phishing and Scam signatures.  They do a great
> > job of catching these phishing messages and most of the others out
> > there (like eBay, banks, etc.)   Just schedule an update to run
> > periodically.
> >
> > http://www.sanesecurity.co.uk/clamav/downloads.htm
>
> We've started using these signatures recently, and they are working.
> They work a little *too* well, and have caused some of us to be
> dropped from some mailing lists (like this one) because people are
> posting the phishing email messages that have been sent to their
> campuses to the list (which I'm not complaining about), the Sane
> Security rules catch them, and the email is rejected during delivery.
> After some number of delivery failures, Listserv drops you from the
> list.  So either subscribe using an email address that doesn't get run
> thru the rules or exempt this list (and any others that might have
> sample phishing email posted to them) from rule checking.

--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GIAC GSEC-G, GCIH, GCWN