LUCY V 4.2 brings the Gmail Phish Button!

Brand new Gmail Phish Button and full functional Mail & Web Filter Test: LUCY 4.2 is available now!

New LUCY Version 4.2: The popular Phishing Incident Plugin (Phish button) is now also available for Gmail. This means that Google Mail users now also benefit from automated threat analysis. Furthermore, the web and mail filter test has reached the full configuration status. Thus the search for loopholes in web communication is done in minutes instead of days!

LUCY V 4.2 is available for download now. Besides dozens of bugfixes the following new features are available:

  • Massively improved MWF test (Mail & Web Filter Test: Which file and message types ‘go through’?)
  • New SPF CHECK & MX Check (see below)
  • New Docker configuration (behind the scenes)
  • Add a few reporting variables in awareness mail /website
  • Postfix: support TLS for outgoing messages
  • Gmail phishing button!
  • New Campaign Overview Dashboard with new filters
  • Custom image support for Outlook phishing incident plugin
  • Template editor improvement
  • Automatic invoices (details see below)
  • Outlook Phishing Button Plugin: custom image
  • Mail spoofing test (details see below)
  • New Top Navigation


New SPF CHECK & MX Check

1) SPF check. Half our clients spoof their own company domain as a mail sender. As many use SPF records, those mails do not arrive and client thinks LUCY does not work. Thats why we created an SPF check:

  • First: The user saves the message template in a campaign.
  • Second: Verify, if there is a mismatch of the record and LUCY’s IP.
  • If yes, tell this to the user in a popup he need to acknowledge.

This check is also added to the general checks for campaign checks.

2) MX check: When saving an attack scenario, the system checks if the MX record points to LUCY for the sender domain. This is logically wrong. The sender mail server can be different from the MX. Thats’s why we developed a new check, where LUCY verifes if any MX record exists for the domain. If not: most mail server do not accept mail domains, where no MX record exist. Thats why there’s a new popup where LUCY tells the user, that the mail wont arrive unless the used sender domain OR the LUCY-Server IP number gets whitelisted,

Mail Spoofing Test

This tool will help the company to determine, if an external attacker can spoof mails (from company mail domain TO company mail domain; example: sender is [email protected] and receiver is [email protected]).

Automatic invoices

If the user buys more credits or buys lucy, the system creates an invoice (pdf) for the user automatically. The invoices then will be archived and remain accessible to the user.


Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.2

  • “Benchmark Based” campaigns are incorrectly distributed on benchmarks
  • “Client” field in “Incidents” not filled bug (Outlook MSI)
  • “Reset Stats” button marks campaign as Not Running
  • “Service Logs” dont display logs when selecting files in the “File” field
  • “Trying to get property of non-object” when deleting recipient group(s)
  • 404 error after updating to 4.2 when trying to use system with domain
  • Advanced Settings: Date Time & Export issues
  • After update 4.1 – 4.2: Adding a group refresh bug, After start campaign check not working, Copy webpage refresh bug
  • After update on 4.2 – endless reboot
  • Awareness certificate – checkbox “Create Awareness Certificate” bug
  • Awareness certificate file is downloaded without the use of customized styles
  • Awareness Certificate: enduser bug
  • Awareness only report summary chart bug
  • Awareness page link
  • Backup\Restore of campaign (between two different Lucy instances)
  • Campaign comparison bugs
  • Campaign recipient management bug
  • Campaign report doesnt include the content of variable %charts.analyse%
  • Campaign Restart (Reset Stats)
  • Copy Webpage: SSL Error
  • Critical reports bug (from 4.0)
  • Data for plugin cleared
  • Delete duplicate creates unspecified db error
  • Deletion all recipients bug
  • Digital Signature (error: The message contents may have been altered)
  • DKIM selector always is “mail”
  • Download Templates: Install & Replace
  • Editor 500 Bug when accessing system folder via file explorer
  • Error “Empty recipient list.” when adding selected recipients to campaign
  • Error “SMTP server not found” when using “Default Mail Settings”
  • Error 500 if Awareness Only scenario is missing
  • Error 500 when saving Whitelabel
  • Errors in the Whitelabel section
  • Fix Invoice page
  • From LDAP server only some users imported to “Users”
  • Gmail Addon: plugin page causes Error 500
  • Impossible to add recipients in a portable scenario through the campaign
  • In the download links files, the wrong choice of ip / domain is used
  • Incident stats issues
  • Info “Download files” and graphics style bug
  • Label fix
  • LDAPS connection doesn’t work
  • LetsEncrypt: replace expired certificate
  • Letter about changing status of the domain comes in German
  • Login using personal certificate issue
  • Lucy is not updated from 4.1 to 4.2
  • Messages in application log
  • No references to recipients in groups in the “Recipients” section
  • Outlook Plugin: Custom icon causes Outlook to crash
  • Recipients copy bug
  • Recipients search causes error 404
  • Remove/reinstall MSI addon bug
  • Resend Email fails with Database error
  • Scenario landing page proxy bug
  • Skipped questions bug (quiz)
  • SmtpErrorsCommand bug
  • SSL generation bug
  • Template “Health Promotion 1.1” issue
  • Templates: filenames (without spaces)
  • Time variable is not working in landing
  • Training Library: awareness links in preview mode
  • Unselected scenarios included in delayed campaign report

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.