Daniel J McDonald [EMAIL PROTECTED] wrote:
> On Mon, 2004-11-15 at 08:26 -0500, jef moskot wrote:
> > Personally, I don't think much of SpamCop, but I do see that as
> > Julian's most compelling argument. I think that warrants a ClamAV
> > option, but I also think it would be ill-advised to use it.
>
> So, Julian should use Amavis-new, add spamcop reporters to the
> virus-lover's lookup list, and be done. I'm sure there is a way to make
> the virus-lover's list only hit true on particular virus patterns - at
> least there was discussion of that sort of feature on the ML about six
> months ago, and there have been three new versions since then....
I'm not in a position to use Amavis-* (for reasons that have nothing to do
with Amavis). I'm using a self developed filter with the Courier MTA.
As I said in my second post, I don't absolutely need a ClamAV option to
disable phishing detection (although that would be better, see below):
I wrote:
> Tomasz Kojm [EMAIL PROTECTED] wrote:
> > Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > > How can I configure ClamAV not to try to detect phishing and other
> > > social engineering attacks?
> >
> > Modify your mail scanner to pass "HTML.Phishing.*" through.
>
> Yes, I can do that. Is there an authoritative hierarchy of signature
> names from which I can see what hierarchy branches ("HTML.Phishing.*",
> etc.) I would have to whitelist?
The problem with that is that then, phishing attacks that _also_ have a
technically malicious component won't be blocked if ClamAV chooses to
report the phishing component instead of the technically malicious one.
So I still think a ClamAV option to disable the detection of social
engineering attacks would be best.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
