On Mon, 15 Nov 2004, Trog wrote: > For example, the last Bagle (or Bofra) outbreak simply sent an email to > it's target victims, who then have to click on a link to download the > Worm. According to your definition, that is a 'social' attack, and > should not be blocked.
I was going to make this same point. I understand what Julian is trying to say, and I don't object to a ClamAV option that would allow him to receive all the unwanted garbage he wants, but I don't really buy his logic. He says some people might want to receive 419 scams and such, but some people might also want to receive viruses. Sys admins often make the call that people can't have free access to viruses, for the good of the community, and I see granting people easy access to spread malware (either accidentally or purposely) or encourage phishing falling into the same category. I appreciate the intellectual argument that ClamAV should remain "modular", but in basic practice, anyone who is preventing users from receiving all the viruses their inboxes can handle isn't doing them a disservice by closing off another malware avenue. The average admin is most likely very pleased with the ClamAV team's decision to block phishing attacks (or at least the incredibly prevelant ones). Personally, I don't think much of SpamCop, but I do see that as Julian's most compelling argument. I think that warrants a ClamAV option, but I also think it would be ill-advised to use it. Jeffrey Moskot System Administrator [EMAIL PROTECTED] _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
