Quoting Ralf Hildebrandt <ralf.hildebra...@charite.de>:
* Rick Romero <r...@havokmon.com>:
There are additional 'non-official' ClamAV signatures that are meant
to detect phishing attempts.
They do work, but aren't perfect.
Got a link? Or are you thinking of the SaneSecurity Signatures?
Yep. The SaneSecurity Sigs.
I'm fortunate enough to be on the phishing list, so I wrote a quickie
perl script that will grep the logs for all the recipients and then
scan their INBOX for the phishing email and remove it before they
read it.
I usually use doveadm for this.
I'm slow to adopting new technology :) I would definitely do it if I
wasn't still running plain old Maildir.
Rick
