David F. Skoll wrote: > Dennis Peterson wrote: > >> That which you can't test you are obliged to understand. If you >> can't understand a thing because of time constraints, complexity, or >> inadequate documentation, then you turn it off until circumstances >> change. You finally kinda did that. > > Yes. However, the Clam developers clearly also did not understand the > new feature or they would not have turned it on by default. More > generally, Clam developers (most developers anywhere, in fact) > probably lack the resources to fully appreciate the implications of > new features, so it behooves them to keep the new features disabled by > default.
They didn't turn it on and they didn't install it. They provided a sample config that is incapable of running and which requires administrative attention in order to use. What finally ends up running on the system is your job and mine to manage. I agree that the phishing feature needs more work - especially in the pattern files where unanchored wild-cards create whole-file searches per pattern. And this reminds me of a question I have been meaning to ask of the dev team: Are these patterns applied against file types where phishing patterns have zero probability of being found such as the contents of /sbin, /bin, /usr/lib, for example. If so it is a big wast of computer time. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
