> Would that include viruses that require action on the part of the
> recipient?  Included in password protected zips?  What is the difference
> between tricking a person into opening a password protected zip (which
> is not dangerous in its delivered form) and tricking a user into
> clicking a link that takes them to the virus?

To me, there seems to be no difficulty in distinguishing these threats.

Virus: Malicious content exists WITHIN the e-mail message itself, whether as
an attachment, a bit of malformed HTML that causes a MUA to bork/run code, a
password-protected zip, a malformed JPG, or anything within the message that
can be run, interpreted or rendered to perform procedures on the system
itself.

Spam: Unsolicited Bulk or Commercial e-mail.  This includes any message that
contains ill intentions but requires the user to perform an action or run
code that resides OUTSIDE of the e-mail message.  If a message has a link to
phishing or some virus somewhere, it is still only spam.

I agree with Julian that Clam does not seem the logical solution to Spam
messages.  If a message contains both, of course, Clam should have a sig.  I
hope the developers choose to proceed with Clam and ignore these spam
threats (mostly because I'd rather signature-making time be spent on threats
that don't already get caught.)  However, I'm also starting to whip up my
own extraction-without-phishing sigs scripts to fit my environment.

Seth
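
The boundary drawn in the message above, as an added example that is not part of the original post or of ClamAV: a triage function that decides whether a message carries content inside itself (attachment, non-text part, active HTML) or only points to something outside it. The category names, the two regexes and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed heuristic for markup the MUA itself would run or load.
ACTIVE_HTML_RE = re.compile(r"<\s*(script|iframe|object|embed)\b", re.I)

def classify(raw: str) -> str:
    """Return 'in-message', 'external-link' or 'neither' for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found_link = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # Any attachment counts, including an encrypted zip a scanner cannot open.
        if part.get_filename() or part.get_content_disposition() == "attachment":
            return "in-message"
        if ctype not in ("text/plain", "text/html"):
            return "in-message"
        body = part.get_content()
        if ctype == "text/html" and ACTIVE_HTML_RE.search(body):
            return "in-message"
        if URL_RE.search(body):
            found_link = True
    return "external-link" if found_link else "neither"

# Constructed samples; the base64 line is placeholder bytes, not a real archive.
ZIP_MSG = """\
From: a@example.com
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Password is 1234.
--B
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--B--
"""

LINK_MSG = "From: a@example.com\nSubject: account\n\nVerify at http://login.example.org/verify\n"
```

Under this split, `ZIP_MSG` goes to the virus scanner's side even though the archive is unreadable in its delivered form, while `LINK_MSG` is left to the spam filter.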

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users