On 09/05/11 16:18, Matus UHLAR - fantomas wrote:
Do you have an idea how should I detect if a mail is a phish, or any
other content (which?) that should our abuse@ teram know about?
On 06.09.11 12:15, aCaB wrote:
You are supposed to recognize phishing from the virus names, for example
using a regex like: ^(Email|HTML)\.Phishing
Mind you, there are currently 2 spurious entries which are likely not
intended to be there. I'm gonna fix them this week:
acab@barney:~$ sigtool -l | grep -i phish | egrep -v
'^(HTML|Email)[.]Phishing'
Catphish.698.A
Catphish.698.B
E-Mail.Phishing.SMT
PDF.Phishing
Yes, that is the main reason why I've been asking.
Another question is, if there's other kind of content that can be
e-mailed by users and thus forwarded to abuse@ addresses and to it
should not be rejected
Does ClamAV (plan to) separate different kinds of malicious content
this way?
Or should I allow to pass all malicious content to abuse@ addresses?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
