Bug 7564 - Phishing Plugin based on OpenPhish feed
Summary: Phishing Plugin based on OpenPhish feed
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Plugins (show other bugs)
Version: unspecified
Hardware: PC OpenBSD
: P2 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-03 17:29 UTC by Giovanni Bechis
Modified: 2018-08-30 07:34 UTC (History)
5 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
OpenPhish plugin patch None Giovanni Bechis [HasCLA]
regex fix patch None Giovanni Bechis [HasCLA]
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Giovanni Bechis 2018-03-03 17:29:44 UTC 
Created attachment 5549 [details]
OpenPhish plugin

OpenPhish is a fully automated self-contained platform for phishing intelligence. It identifies phishing sites and performs intelligence analysis in real time without human intervention and without using any external resources, such as blacklists.

This plugin uses the OpenPhish feed to check if uris are present in their list.
ATM only the free version data feed is supported.
Comment 1 Giovanni Bechis 2018-03-05 09:15:55 UTC 
Created attachment 5550 [details]
regex fix

Further developments will be available at:
https://github.com/bigio/spamassassin-plugin-Phishing
Comment 2 Kris Deugau 2018-03-05 20:55:18 UTC 
Looks interesting but I don't think it can be enabled by default in stock SA:

from https://openphish.com/terms.html:

"
 Rules of Conduct

The Services are provided solely for your personal use. You agree not to use any part of the Services for any commercial purposes without the prior written consent of OpenPhish."
Comment 3 Benny Pedersen 2018-03-05 22:47:50 UTC 
is long uri testing usefull ?
Comment 4 Giovanni Bechis 2018-03-05 22:50:16 UTC 
rspamd has a similar plugin, I do not know how they manage legal terms.
Anyway latest version has also "slightly tested" PhishTank support which seems free for any use.
Comment 5 Kevin A. McGrail 2018-08-28 23:55:10 UTC 
Giovanni, I'd encourage you to look at adding this with a MANIFEST, v342.pre entry and some work on the man pages with examples how to turn it on.
Comment 6 Giovanni Bechis 2018-08-30 07:34:05 UTC 
Committed in r1839638 for both trunk and 3.4.