Jan-Pieter Cornet wrote: > PhishingScanURLs should be off, in my opinion, for every mailserver > installation that actually cares about delivering legitimate mails to > its users. So that would imply the default to be "off". > > Agreed, the defaults should not generate false positives, or have a very small chance to do so. The default will be changed, but not to "off", see [1].
> In fact, this very feature is the reason we are considering to stop the > use of ClamAV. You'll have the possibility to turn on only parts of the checks, see [1]. Are you considering to stop using ClamAV *entirely* or just turn off specific features? > Complete lack of a standard naming scheme to distinguish > between viruses and phishing mails is also a factor here. > ClamAV does have different names for malware and phish. See http://wiki.clamav.net/Main/MalwareNaming. If you know particular signatures that don't respect these rules, please tell us. If you are referring to a standard naming scheme among different anti-virus products, it is an entirely different matter, and is just not possible generally. > The reason we're so concerned about this is the false positive rate. > Traditionally, virus scanners have had a negligible false positive > ratio (less than 1 in 1E9, typically). This means it is in > practice no problem to flat-out reject or discard mails that are flagged > as a virus. > Agreed. > However, spam and phishing detection has a much higher false positive > rate, so it's very unwise to discard the mails, and it's usually bad > to reject them (because of automatic bounce handling by legitimate bulk > mailers), so we put such mails in a special folder. Why does this make you wanting to drop the use of ClamAV? You can filter based on "virus found name", and those containing 'Heuristics' can go to your special folder. Or you can turn the feature entirely off. [1] http://lurker.clamav.net/message/20071114.165015.e815b938.en.html P.S.: the performance issues with the phishing feature will be fixed in 0.92. The team apologizes for the delay of 0.92, the reasons are beyond us: licensing issues with unrar. --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
