Per Jessen wrote:
Dennis Peterson wrote:
The best defense against phishing is and has always been education,
fwiw.
Doesn't that apply to virus too?
Of course. And the point is you don't have to come to harm if a phishing
pattern is not available.
Given the ease with which these can be defeated with other simple
tools available to any good messaging server
I could do with a couple of pointers (for server-based use).
The tools to create your own pattern files are included with ClamAV.
There is a tutorial at SaneSecurity that Steve put together. Hopefully
you have some kind of content filtering available the uses regular
expressions (J-Chkmail, SpamAssassin, etc).
I don't mind they are given lower priority than correcting code
errors, improving documentation, discovering and responding to truly
destructive outbreaks, etc.
As a matter of principle, maintaining the database of what ClamAV is
supposed to detect must have the highest priority, IMHO. If not,
everything else is pointless.
I guess you could always ask for a refund if you're unhappy with the
product. I think they're doing a hell of a good job.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
