I think the thing to remember here is that we are discussing scanning of email. If the email is malicious, then having clamav remove it is a good thing in my opinion. Spam (uce/ube) that poses no threat to the user, and is just an anoyance is what SA should be catching.
Phising poses a threat to your users. The line between malware and virus' is a very grey one. Knowing two "freinds" that have responded to phising emails and what it took afterwards to correct the problem ..... they would beg you to remove the possability of this threat. Having cross-over of functionality can / is in many cases a good thing. The other day, a virus made it by clamav. It made it past McAfee on the users machine. By the time they opened the mail and it started spamming the network with email, clamav had updated their defs and it was stopped. It took a few more hours before McAfee had a new defs file out. In this case, multiple virus scanners was a good thing. Please don't think I am saying I want clamav to become a spam filter as well, but adding in the sigs for items like the phising mail I think is great. -- Ken Jones [EMAIL PROTECTED] _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
