On Tue, 16 Nov 2004, Julian Mehnle wrote: > If people require machines as desperately as that to prevent themselves > from falling for fraud attempts...
...then they're pretty much behaving in the manner humanity always has and always will. > To those of you who argue that ClamAV should detect phishing attacks > even though tools like SpamAssassin are designed and inherently better > suited for doing that, I'd like to say that you will never really be > able to abandon SpamAssassin & Co. anyway. Again, I don't think that's what the ClamAV team is trying to accomplish here. They're just going after the most active phishing threats out there, not trying to completely prevent your system from any sort of unwanted e-mail (or even every possible phishing attack). I understand that you want your users to have the right to screw themselves, which I understand from a philosophical standpoint, despite the fact that I think it's terribly silly. But, you aren't demanding that everyone else be terribly silly, so I don't see any problem with your request. Given the way things have happened in the past, I wouldn't be surprised if this functionality were quietly added in the next CVS release while everyone keeps arguing about how many clicks it takes to make something a virus. The argument I DON'T think much of is the "slippery slope" argument, mostly for this reason...interspersed between all the discussion in this thread are tons of confirmation messages in my inbox, letting me know that ClamAV has nailed tons of phishing messages that wouldn't have otherwise been caught. Job well done. There are dozens (hundreds?) of new viruses and tronjans added to the database every week that most of our systems will never see, but no one complains about the resource hit those are making, because we all know that on the off-chance we ever get one of these rare beasts, we'd be very happy ClamAV was there to stop it. The argument that phishing attacks are a bunch of one-offs that you'll never see again is not backed up by my data. The very first anti-phishing signature added to the database got nabbed a few specimens just today. Maybe in a month they'll be gone forever, but such is the way of worm flare-ups these days as well. Despite all the hyperbole, what's really happened here is that a small amount of work (ie, a few signatures) has been done that will save a disproportiately huge amount of headaches in the sys admin community. There's no point in claiming the sky is falling, just yet, anyway. I think this is a worthwhile discussion to have, and philosophical ideals are important, but we should also take a peek at the real world from time to time as well. We should be watchful of any drastic turns in ClamAV development, but we haven't seen any of those yet. Jeffrey Moskot System Administrator [EMAIL PROTECTED] _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
