Quoting Mike Cardwell dovecot@lists.grepular.com:
On 22/09/11 15:21, Ralf Hildebrandt wrote:
Perhaps, if you have a list of the plain text passwords in advance you could use ClamAV. In our case, we don't as we're using an AD. I actually copied the ClamAV tcp and local interface API so that any MTA which can plug in to ClamAV is also able to plug into Kochi. That's one of the things the framework provides.
There are additional 'non-official' ClamAV signatures that are meant
to detect phishing attempts.
They do work, but aren't perfect.
I'm fortunate enough to be on the phishing list, so I wrote a quickie
perl script that will grep the logs for all the recipients and then
scan their INBOX for the phishing email and remove it before they read
it.
Rick