Thanks
Mark Penkower
At 01:51 PM 11/15/2004, you wrote:
Brian Morrison [EMAIL PROTECTED] wrote:
> 2) It takes extra work for someone to make the decision, create the
> separate databases etc.
Diego d'Ambra [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > The definition of what _I_ would like ClamAV to detect is: anything
> > that poses a technical threat, no matter whether it also poses a
> > social/fraud threat or not. That's a clear enough criterion, isn't
> > it?
>
> Creating such a system has a dramatic impact on the work needed to
> classify a suspicious sample. These samples often contain weird Java,
> HTML etc. that must be decoded and tested with different software
> versions to ensure no exploit is being triggered and/or harmful content
> installed.
I can't see why discriminating technical attacks from social engineering attacks would be extra work. After all, when drafting a signature for a new attack, a name for the attack has to be chosen. If you know you're going to file it as "HTML.Phishing.Bank-12", you have already distinguished between a technical attack and a social engineering one.
If your point is that classifying new attacks can be a difficult task, well, tough luck, that's how it is. In order to find a good name for the attack, you have to do the classifying properly anyway.
So where's the extra work?
And don't tell me creating the database files from the signatures isn't already a largely automated process. ;-)
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users