-----Original Message----- From: [EMAIL PROTECTED] [mailto:clamav-users- [EMAIL PROTECTED] On Behalf Of Julian Mehnle Sent: 15. november 2004 17:54 To: ClamAV users ML Subject: RE: [Clamav-users] ClamAV should not try to detect phishing
and
othersocial engineering attacks
Trog [EMAIL PROTECTED] wrote:
Please give a full definition of Spam and Malware/Viruses that do
not
intersect, and will never intersect for all future Spam and Malware
such
that we can be sure we know what you are requesting.
The definition of what _I_ would like ClamAV to detect is: anything
that
poses a technical thread, no matter whether it also poses a
social/fraud
threat or not. That's a clear enough criterion, isn't it?
Creating such a system has a dramatic impact on the work needed to classify a suspicious sample. These samples often contains weird Jave, HTML etc. that must be decoded and tested with different software versions to ensure no exploit is being triggered and/or harmful content installed.
I'm aware of other AV products that allow you control "sample types" you want it to detect, but I believe that categorizing samples beyond what ClamAV offers today is too time consuming.
Best regards, Diego d'Ambra
All this discussion although interested should be taken place after adding such an option (if wanted) to private CVS sources copy and after testing it.
Just during this looong conversation ;-)
Regards Boguslaw Brandys
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
