The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Mail-SpamAssassin-4.0.1-rc1f-TRIAL
River stage two • 13 direct dependents • 18 total dependents
10 ++
/ Mail::SpamAssassin::Plugin::Phishing

NAME

Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed

SYNOPSIS

  loadplugin Mail::SpamAssassin::Plugin::Phishing

  ifplugin Mail::SpamAssassin::Plugin::Phishing
    phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
    phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
    body     URI_PHISHING      eval:check_phishing()
    describe URI_PHISHING      Url match phishing in feed
  endif

DESCRIPTION

This plugin finds uris used in phishing campaigns detected by OpenPhish, PhishTank or PhishStats feeds.

The Openphish free feed is updated every 6 hours and can be downloaded from https://openphish.com/feed.txt.

The PhishTank free feed is updated every 1 hours and can be downloaded from http://data.phishtank.com/data/online-valid.csv. To avoid download limits a registration is required.

ADMIN PREFERENCES

The following options can be used in site-wide (local.cf) configuration files to customize how the module handles phishing uris

phishing_openphish_feed

Absolute path of the downloaded OpenPhish datafeed.

phishing_phishtank_feed

Absolute path of the downloaded PhishTank datafeed.

phishing_uri_noparam ( 0 | 1 ) (default: 0)

If this option is set uri parameters will not be take into consideration when parsing the phishing uris datafeed. If this option is enabled and the url without parameters is "generic" (like https://www.kisa.link/url_redirector.php?url=...) the url will be skipped.