PhishTank & OpenPhish integration into Spamassassin
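[Unit]
Description=Download OpenPhish feed twice a day
[Timer]
# Fire at 00:00 and 12:00. The time part of a calendar expression is
# HH:MM:SS, so the "/12" repetition has to sit on the hour field.
# The previous value "*:00/12:00" put the repetition on the minute field and
# fired every 12 minutes of every hour, far more often than the description
# promises. Check any change with: systemd-analyze calendar '<expression>'
OnCalendar=*-*-* 00/12:00:00
# Run a missed activation (host was powered off) at the next start.
Persistent=true
# Start the templated service with the instance name "openphish".
Unit=download-phish-feeds@openphish.service
[Install]
WantedBy=timers.target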
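[Unit]
Description=Download PhishTank and OpenPhish Feeds
# network.target only orders shutdown; it does not wait for a usable network.
# With Persistent=true timers the job can start early in boot, so order it
# after network-online.target and pull that target in.
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
# %i is the instance name given by the timer ("phishtank" or "openphish") and
# is passed to the script as its only argument.
ExecStart=/usr/local/bin/download_phish_feeds %i
# No User= is set, so the script, curl and gunzip run as root while handling
# data fetched from the network. Limit what that process can touch: the only
# path it has to write is the feed directory.
# NOTE(review): consider a dedicated unprivileged account that owns the feed
# files instead of root; confirm which user SpamAssassin reads them as.
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/spamassassin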
[Unit]
Description=Download PhishTank feed every hour
[Timer]
# Fire at the start of every hour.
OnCalendar=hourly
# Run a missed activation (host was powered off) at the next start.
Persistent=true
# Start the templated service with the instance name "phishtank"; the service
# hands that name to the download script as its argument.
Unit=download-phish-feeds@phishtank.service
[Install]
WantedBy=timers.target
#!/bin/bash
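#######################################
# Download the PhishTank feed, decompress it and install it for SpamAssassin.
# The live feed file is only replaced, by an atomic rename, once a complete,
# non-empty, successfully decompressed copy exists next to it.
# Arguments: none
# Outputs:   status message on stdout, failure details on stderr
# Returns:   does not return on failure; exits the script with status 1
#######################################
download_phishtank() {
  # Fetch over HTTPS: the feed decides which mail gets the URI_PHISHING score,
  # so a copy altered in transit could hide phishing URLs or get legitimate
  # mail rejected.
  # NOTE(review): confirm the HTTPS endpoint and its redirect target are
  # reachable from this host; a redirect to plain HTTP now fails closed.
  local feed_url="https://data.phishtank.com/data/online-valid.csv.gz"
  local destination_file="/var/lib/spamassassin/phishtank-feed.csv"
  local user_agent download_tmp unpacked_tmp http_status
  local curl_rc=0

  # In accordance with https://phishtank.org/developer_info.php you need
  # a customized user-agent to download the feed
  user_agent="phishtank/$(hostname -f)"

  # Unpredictable temp names in the destination directory: the job runs as
  # root, and the same filesystem keeps the final mv an atomic rename.
  download_tmp=$(mktemp "${destination_file}.XXXXXX") || {
    echo "PhishTank download failed: cannot create temporary file." >&2
    exit 1
  }
  unpacked_tmp=$(mktemp "${destination_file}.XXXXXX") || {
    rm -f -- "$download_tmp"
    echo "PhishTank download failed: cannot create temporary file." >&2
    exit 1
  }

  # Capture both the HTTP status and curl's own exit code; a transfer that is
  # cut off mid-stream still reports status 200 but a non-zero exit code.
  http_status=$(curl -sL --proto '=https' --proto-redir '=https' \
    -A "$user_agent" -w "%{http_code}" -o "$download_tmp" "$feed_url") \
    || curl_rc=$?

  if [ "$curl_rc" -ne 0 ] || [ "$http_status" != "200" ]; then
    rm -f -- "$download_tmp" "$unpacked_tmp"
    echo "PhishTank download failed with HTTP status code $http_status, destination file not overwritten." >&2
    if [ "$curl_rc" -ne 0 ]; then
      echo "curl exited with code $curl_rc." >&2
    fi
    exit 1
  fi

  # Decompress into the second temp file, never straight into the live feed:
  # a redirect onto the destination truncates it before gunzip has validated
  # anything. Without -f, gunzip rejects input that is not gzip (for example
  # an HTML error page served with status 200) instead of copying it through.
  # mktemp creates mode 0600; 0644 matches what the usual 022 umask gave the
  # feed before, so the SpamAssassin user can still read it.
  if gunzip -c -- "$download_tmp" > "$unpacked_tmp" \
    && [ -s "$unpacked_tmp" ] \
    && chmod 0644 "$unpacked_tmp" \
    && mv -f -- "$unpacked_tmp" "$destination_file"; then
    rm -f -- "$download_tmp"
    echo "PhishTank download successful, destination file updated."
  else
    rm -f -- "$download_tmp" "$unpacked_tmp"
    echo "PhishTank feed could not be decompressed or was empty, destination file not overwritten." >&2
    exit 1
  fi
}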
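#######################################
# Download the OpenPhish feed and install it for SpamAssassin.
# The live feed file is only replaced, by an atomic rename, once a complete,
# non-empty copy exists next to it.
# Arguments: none
# Outputs:   status message on stdout, failure details on stderr
# Returns:   does not return on failure; exits the script with status 1
#######################################
download_openphish() {
  local feed_url="https://openphish.com/feed.txt"
  local destination_file="/var/lib/spamassassin/openphish-feed.txt"
  local download_tmp http_status
  local curl_rc=0

  # Unpredictable temp name in the destination directory: the job runs as
  # root, and the same filesystem keeps the final mv an atomic rename.
  download_tmp=$(mktemp "${destination_file}.XXXXXX") || {
    echo "OpenPhish download failed: cannot create temporary file." >&2
    exit 1
  }

  # -L follows redirects; restrict them to HTTPS so the feed cannot be
  # downgraded to plain HTTP on the way. Capture curl's exit code as well as
  # the HTTP status: a transfer cut off mid-stream still reports 200.
  http_status=$(curl -sL --proto '=https' --proto-redir '=https' \
    -w "%{http_code}" -o "$download_tmp" "$feed_url") \
    || curl_rc=$?

  # Require a clean transfer, status 200 and a non-empty body; an empty file
  # would silently switch off OpenPhish matching.
  # mktemp creates mode 0600; 0644 matches what the usual 022 umask gave the
  # feed before, so the SpamAssassin user can still read it.
  if [ "$curl_rc" -eq 0 ] && [ "$http_status" = "200" ] \
    && [ -s "$download_tmp" ] \
    && chmod 0644 "$download_tmp" \
    && mv -f -- "$download_tmp" "$destination_file"; then
    echo "OpenPhish download successful, destination file updated."
  else
    rm -f -- "$download_tmp"
    echo "OpenPhish download failed with HTTP status code $http_status, destination file not overwritten." >&2
    if [ "$curl_rc" -ne 0 ]; then
      echo "curl exited with code $curl_rc." >&2
    fi
    exit 1
  fi
}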
# Dispatch on the first argument (the systemd instance name): run the matching
# downloader, or reject anything else with exit status 1.
case "$1" in
  phishtank)
    download_phishtank
    ;;
  openphish)
    download_openphish
    ;;
  *)
    echo "Invalid argument. Use 'phishtank' or 'openphish'."
    exit 1
    ;;
esac
# Score mail bodies against the locally cached PhishTank and OpenPhish feeds.
# The whole block is skipped unless the Phishing plugin is loaded.
ifplugin Mail::SpamAssassin::Plugin::Phishing
# Feed files handed to the plugin; these are the same paths the download
# script on this page writes to.
phishing_openphish_feed /var/lib/spamassassin/openphish-feed.txt
phishing_phishtank_feed /var/lib/spamassassin/phishtank-feed.csv
body URI_PHISHING eval:check_phishing()
describe URI_PHISHING Url match phishing in feed
# The score is set high on purpose: a feed match alone should be enough to
# keep the message from being classified as ham.
# NOTE(review): with a score this high the two feed files act as a blocklist.
# A false positive in a feed, or a feed file that was tampered with or only
# partially written, decides the verdict for every message carrying that URL,
# so the integrity of the download matters as much as the rule itself.
score URI_PHISHING 25
endif