-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jef moskot Sent: dinsdag 27 november 2007 13:59 To: ClamAV users ML Subject: Re: [Clamav-users] Phishing feature defaults, naming, and 0.92
On Tue, 27 Nov 2007, Mark wrote: > Hmm, i'm just in the process of upgrading from 0.88.7 to 0.91.2 > (FreeBSD). "The difference in accuracy between what we were used to and > the newer version was so large that it fundamentally changed the nature > of the product," do you mean that in a bad way? > It depends on how you used it before. If you'd used it as > part of a scoring system, then you just need to weight > phishing hits less than standard virus hits. > > If you previously rejected/quarantined/dropped messages > based solely on whether they were positive hits, then you > should turn off the anti-phishing checks (or at least not > act directly upon them). > > The false positive rate for phishing is extremely high, > relative to what you're used to, and can't be reasonably > used as a sole determinant of deliverability. > > In short, you can't use Clam as a simple binary good/bad > test with the anti-phishing stuff turned on. Thanks for the heads-up. Yes, before I was indeed using clamd in a 'binary' way: infected mails were dropped on the spot. So maybe I really best turn that option off then. Not to start anything, but I've always believed that phishing detection isn't necessarily the domain of anti-virus software to begin with (I use an adapted version of SA for that); so it seems I'm better off not letting clamav do any phising detection any more. Which is fine by me. - Mark _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
