On Nov 14, 2004, at 9:14 PM, Jason Haar wrote:
This is a "me too". I am ABSOLUTELY in love with ClamAV due to the fact it has gone beyond what most commercial AV players are doing, and is incorporating scanning for phishing and spyware.
If you follow the industry, you will see that most AV vendors are bringing out *separate* products to detect spyware - i.e they want us the consumers to pay TWICE to gain full protection.
I think it's a crock - and I'm glad to see the ClamAV developers do too. Viruses/trojans/phishing/spyware - it's all rubbish I would rather was not in my end-users mailboxes.
If it is incorporated, I also think it should be something that can be disabled as well. I think I'd prefer not having false positives caused by spam blocking and the heuristics going wonky. Clam is very reliable when it comes to stopping viruses, but I've never found something that can stop all the spam crap flowing on the Internet; the UNIX philosophy has always been one of modularity and creating programs for doing focused tasks and combining different "modules" for a solution. We've been happy with our virus solution for the mail server, and I'd prefer not having to justify it when the spam level that it may start promising to stop is instead letting things through or mis-quarantining it.
phishing attacks should be handled by things like Spamassassin and the bayes filters...also free, focused on stopping those specific problems and having administrators needing to check two separate quarantines or lists (one from Clam and one from their spam solution) to hunt down a possible mislabeled message.
One question though...if it is going to block spam and phishing attacks, how are signatures going to be instituted? I mean, how accurate would the signature system be...with all the spam out there, is it going to recognize a general pattern so one sig would stop maybe four or five common spams, or will the virus definitions suddenly balloon up in size to cover every p3nis, pen1s, pen is variation out there hitting the mail servers? If there were some way of knowing how flexible and accurate the signatures are, maybe it could alleviate some of my fears personally. I just find it hard to believe that signatures would be a good solution to phishing and spam, or systems like SpamAssassin would probably have moved to it by now.
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
