Phishing and Spam

Well, I use the internet, I have an e-mail address, and so it is very certain that I get spam – quite a lot of it, something around 80 e-mails a day.

What to do? Well, I use KMail, so the choice is quite easy: I installed SpamAssassin, and went through the very comfortable spam-filter wizard of KMail. After that, SpamAssassin identified most spam mails, and all I had to do was check once a day if there was a false positive.

So far, so good – but still not perfect: I had some phishing e-mails annoying me again and again. Not that I would click on them, but they were automatically sorted into my eBay or PayPal directories, and I didn’t want that. So one option was to train SpamAssassin against phishing e-mails – but that would be very hard because, for example, eBay phishing is very similar to real eBay mails apart from one changed address.
Another problem is that SpamAssassin works quite slowly – it needs some time to scan an e-mail, and KMail is blocked during this time, which is a problem of KMail.

So what to do?

For the second problem I decided to switch over to another spam filter. Although Fedora Core does not come with another KMail-supported filter, I found a bogofilter package somewhere and decided to give it a try – and it works very fast, much faster than SpamAssassin. We will see if bogofilter gets slower the better I train it, but from my first experiences it is, almost untrained, much faster than an untrained SpamAssassin, so I’m quite confident about that.

But what to do against phishing? Luck helped: I installed ClamAV some days ago just to have something if I need it for friends when they send me something. And because I wanted to know if KMail was able to communicate with ClamAV, I configured it to scan all my incoming mails.
Some hours later I realized that there was something in the “Virus” directory in KMail – I checked, and found a phishing e-mail without any attachment. That confused me and I scanned the e-mail manually with ClamAV. And see:

$ clamscan Paypal\ Flagged\ Account
Paypal Flagged Account: HTML.Phishing.Bank-159 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 42498
Engine version: 0.88
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 2.108 sec (0 m 2 s)

That’s something I really appreciate! It helps to keep an overview about everything going on in my mail system.
But one note: that can only work if you do not have filters which react to mails coming from “ebay” or “paypal” and stop filtering them after detecting them. In this case you have to uncheck the “stop filtering” box somewhere in the filter configuration. Or you could put the virus filter rule on top of all mails. It’s left to you, as you want 🙂
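
An added example, not part of the original post and not KMail's own code: it parses clamscan result lines like the one shown above and runs a simplified model of an ordered filter chain to show why a sender-based rule with "stop filtering" hides the ClamAV hit. The rule functions, folder names and the sender address are assumptions made for illustration.

```python
import re

# Constructed input: the result line shown in the post, plus a clean message.
SAMPLE_REPORT = """\
Paypal Flagged Account: HTML.Phishing.Bank-159 FOUND
Re: your auction: OK
"""

# clamscan prints "<file>: <signature> FOUND" for a hit. The file name may
# contain ": " itself, so the greedy prefix leaves only the last token as signature.
HIT = re.compile(r"^(?P<file>.+): (?P<sig>\S+) FOUND$")


def parse_hits(report):
    """Return {file name: signature} for every flagged file in clamscan output."""
    hits = {}
    for line in report.splitlines():
        match = HIT.match(line.strip())
        if match:
            hits[match.group("file")] = match.group("sig")
    return hits


def route(msg, rules):
    """Simplified filter chain: rules run in order, the last matching move
    wins, and a rule with stop=True ends processing for this message."""
    folder = "inbox"
    for matches, target, stop in rules:
        if matches(msg):
            folder = target
            if stop:
                break
    return folder


HITS = parse_hits(SAMPLE_REPORT)


# Hypothetical rules modelled on the post: a sender-based sort and a virus rule.
def from_paypal(msg):
    return "paypal" in msg["from"]


def flagged(msg):
    return msg["file"] in HITS


# Constructed message; the sender address is a placeholder.
PHISH = {"file": "Paypal Flagged Account", "from": "service@paypal.example"}
```

With the sender rule first and stopping, `route` returns the PayPal folder for the flagged message; unchecking the stop or moving the virus rule to the top returns the virus folder.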


