Hi all
Apologies if this turns out to be a duplicate post. I'm posting this on behalf of www.castlecops.com who are in the process of developing a phishing reporting service. Now I wasn't sure if this is really a suggestion, or if just something general CLAM AV users could assist with if they so choose. >From personal experience I've found CLAM to be a great tool in catching many phishing emails, and more importantly many of the sites are still live. It's the intent of CastleCops to have a service (FriedPhish) whereby anyone can be a reporter and submit suspect phishy email for investigation, CastleCops will have a team of volunteers who investigate each report. The idea is once a new submission is verified, a new thread is created in CastleCop's phishing forum alerting the membership, plus giving folks the ability to respond on it there. You can see a number of these already in the forum here http://castlecops.com/f122-Phishing_Fraud_and_Dastardly_Deeds.html labeled "Fried Phish <date> : <target>"......with more detailed data being available for each report. For example http://castlecops.com/modules.php?name=Fried_Phish&fp=phish&id=27&in=1 These reports will also be sent to all the companies with toolbars such as Netcraft, Firetrust, www.antiphishing.org, and other privates lists, plus general folks who subscribe. Emails will also be generated to a list of groups involved in research, and authorities as the main aim here is to get the sites shut down. So far it seems in particular the EBay and PayPal scam sites take longer to shut down, still not sure on the reason why this is. Getting to the point, I think it would be great if somehow there was a facility to send emails blocked/marked as phishing by CLAM onto the folks at CastleCops (not sure whether HTTP or regular email is best) this also swings around as CastleCops who already has a strong membership, could well provide solid data for phishing emails not caught by CLAM and allow CLAM to catch more of these emails should their users so wished. Also given CastleCops is setting the platform to get the bad sites sent out to anyone who wishes to know, it's sharing this information well amongst the greater community. Now I'm not a System Administrator kind of guy, so it's possible I've just missed something technically obvious. But I wondered if this is something either CLAM AV users would be interested in contributing with by sending on the emails, or if this is something CLAM AV itself could have a look at. Any thoughts and comments welcome Cheers Chris _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
