On Nov 14, 2004, at 9:32 AM, Joe Maimon wrote:
Steve Basford wrote:
Perhaps a way to disable certain signatures or patterns of signatures would be better?
Since ClamAV reached v0.80, I am using it to scan and reject e-mail
messages. Today I noticed that ClamAV also detects phishing attacks.
Phishing is pure social engineering and poses no threat whatsoever in a
technical sense.
I'm certainly *very* happy that the ClamAV team have added more phishing detections (thanks Trog et al.).
Yes, you're correct it's social engineering.... but it doesn't stop users clicking on the links
and downloading the keylogging trojan, from the remote site that the phish email takes them to.
I don't personally think we need a "--no-phishing" option in ClamAV but someone might ;)
Wouldn't this also still encourage spreading or altering Clam's role in what it should and shouldn't detect and at the same time increase the burden on the developers...? Someone would still have to classify what each signature is and what fits what categories...
(Granted, the proposal now is just virus vs. phishing, but slippery slope would say it would be only a matter of time before another option is added to further separate them, like new viruses vs. old database viruses so admins could separate them out for statistics or something like that... add more flags to headers for analysis by stats programs or something.)
-Bart