On Nov 14, 2004, at 9:26 AM, Steve Basford wrote:
since ClamAV reached v0.80, I am using it to scan and reject e-mail
messages. Today I noticed that ClamAV also detects phishing attacks.
Phishing is pure social engineering and poses no threat whatsoever in a
technical sense.
I'm certainly *very* happy that ClamAV team have added more phishing detections (thanks Trog et all).
Yes, you're correct it's social engineering.... but it doesn't stop users clicking on the links
and downloading the keylogging trojan, from the remote site that the phish email takes them to.
I don't personally think we need a "--no-phishing" option in ClamAV but someone might ;)
I think, unless someone can posit some good counter-arguments, I'd like to voice a "Phishing detection" nay as well. It's a slippery slope...we can't protect users from every idiot scheme coming out. And do we (admins) begin to accept responsibility for when these things get through and Johnny User is the victim of fraud because he didn't stop to verify that it wasn't a scheme before clicking around and giving away private information?
Phishing is more of a spam attack than anything else. Let Spamassasin and Procmail rules stop the phishing if that's what admins want to also take the responsibility for stopping. There seemed to be almost an underlying hostility towards suggestions in the past that Clam be moved beyond any role than virus detection on mail servers (indeed, I'd almost think ClamAV isn't really and *antivirus* and much as a *virus detector*...it doesn't be default do anything other than notify of the presence of a virus so other programs can handle it as they will, and it makes no attempt to disinfect) and moving into spam detection territory is definitely a step outside of that realm. When Clam starts detecting and warning of mails that are just clicktraps for people who should know better, that's more a job from the handbook of SpamAssassin, and I would think the developers have much more to do than try to keep up with signatures to keep up with every permutation of Nigerian schemes and "Verify your password with our web5ite" bank scam.
Just my .02.
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
