yup. very little email needs to be html.
On Monday 15 November 2004 7:43 pm, Todd Lyons wrote:
> John Jolet wanted us to know:
> >I have to laugh and slap my knee here...as all the email I get from
> > friends and acquaintances that use hotmail end up sending me pure
> > html.not multipart mim
John Jolet wanted us to know:
>I have to laugh and slap my knee here...as all the email I get from friends
>and acquaintances that use hotmail end up sending me pure html.not
>multipart mime with a text and html partJUST html. Very annoying when
>saving the message as text or using mut
Matt [EMAIL PROTECTED] wrote:
> > > > > Thanks, but the point of my question was that I wanted to know
> > > > > whether there are more "social engineering" signature in the
> > > > > database than just phishing ones.
>
> Getting back to the somewhat original question, if you download the
> signatu
Ken Jones [EMAIL PROTECTED] wrote:
> Knowing two "freinds" that have responded to phising emails and what it
> took afterwards to correct the problem . they would beg you to
> remove the possability of this threat.
Bit Fuzzy [EMAIL PROTECTED] wrote:
> I'm sorry, but I personally know 7 people
> > > > Thanks, but the point of my question was that I wanted to know
> > > > whether there are more "social engineering" signature in the
> > > > database than just phishing ones.
Getting back to the somewhat original question, if you download the
signatures.pdf from the Clam website, that gi
[EMAIL PROTECTED] wrote:
> > exploits, etc...I'm honestly beginning to wonder how hard
> > that would be to make and whether it may be of use for some sites.
>
> Microsoft SMTP Server allows this via CDO.Message
> "When... you set the HTMLBody property, Microsoft Collaboration Data
> Objects (CD
Bart Silverstrim wrote:
I find it interesting though that I've yet to hear from anyone
commenting on my proposal to create a filter that will extract and
convert all emails into pure text, or reformat it so only certain things
can get through as an attachment with a pure text message so it would
On Nov 15, 2004, at 4:44 PM, Dave Goodrich wrote:
Bart Silverstrim wrote:
I find it interesting though that I've yet to hear from anyone
commenting on my proposal to create a filter that will extract and
convert all emails into pure text, or reformat it so only certain
things can get through as
On Nov 15, 2004, at 5:35 PM, Nigel Horne wrote:
On Monday 15 Nov 2004 9:23 pm, Bart Silverstrim wrote:
Since I don't know any of the developers
You can find our names in .../AUTHORS.
-Bart
-Nigel
Well...I still don't *KNOW* you :-)
Nice to kinda sorta meet you though. You and the rest of ../AUTHOR
On Nov 15, 2004, at 4:41 PM, <[EMAIL PROTECTED]> wrote:
Bart Silverstrim wrote:
I find it interesting though that I've yet to hear from anyone
commenting on my proposal to create a filter that will extract and
convert all emails into pure text, or reformat it so only certain
things can get through
On Nov 15, 2004, at 4:39 PM, Kevin W. Gagel wrote:
If I could use a single package to virus scan, spam scan and
protect my users and company against phishing attacks then I
would gladly use it (provided of course it was reliable).
If I could use one operating system free from most bugs and glitches
On Nov 15, 2004, at 4:27 PM, Dennis Skinner wrote:
Dave Goodrich wrote:
My preference has been stated. I would prefer SpamAssassin do the
puzzle solving of message bodies, headers, URI lookups, message
obfuscation, etc and let ClamAV do the signature matching of
attachments.
SA uses many more re
On Nov 15, 2004, at 2:41 PM, Ken Jones wrote:
Phising poses a threat to your users. The line between malware and
virus'
is a very grey one.
Phishing is a threat if they supply information. How do you stop
people from voluntarily giving information over? Scan every mail for
text or formatting t
I have to laugh and slap my knee here...as all the email I get from friends
and acquaintances that use hotmail end up sending me pure html.not
multipart mime with a text and html partJUST html. Very annoying when
saving the message as text or using mutt.
On Monday 15 November 2004 3:41
Bart Silverstrim wrote:
I find it interesting though that I've yet to hear from anyone
commenting on my proposal to create a filter that will extract and
convert all emails into pure text, or reformat it so only certain things
can get through as an attachment with a pure text message so it would
Bart Silverstrim wrote:
> I find it interesting though that I've yet to hear from anyone
> commenting on my proposal to create a filter that will extract and
> convert all emails into pure text, or reformat it so only certain
> things can get through as an attachment with a pure text message so it
Dennis Skinner wrote:
Dave Goodrich wrote:
My preference has been stated. I would prefer SpamAssassin do the
puzzle solving of message bodies, headers, URI lookups, message
obfuscation, etc and let ClamAV do the signature matching of attachments.
SA uses many more resources than ClamAV. Clam is
- Original Message Follows -
Date: Mon, 15 Nov 2004 12:04:39 -0800
>
> ClamAv is marketed as an antivirus tool. I think, as you
> say, there is a need for a generic anti-malware tool. But
> don't call it clamav.
>
Yes it is, but the day is upon us that virus and spam and
phishing are
Bart Silverstrim wrote:
> I find it interesting though that I've yet to hear from anyone
> commenting on my proposal to create a filter that will extract and
> convert all emails into pure text, or reformat it so only certain
> things can get through as an attachment with a pure text message so
On Monday 15 Nov 2004 9:23 pm, Bart Silverstrim wrote:
> Since I don't know any of the developers
You can find our names in .../AUTHORS.
> -Bart
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
__
Dave Goodrich wrote:
My preference has been stated. I would prefer SpamAssassin do the puzzle
solving of message bodies, headers, URI lookups, message obfuscation,
etc and let ClamAV do the signature matching of attachments.
SA uses many more resources than ClamAV. Clam is going to scan the msg
On Nov 15, 2004, at 2:02 PM, jef moskot wrote:
On Mon, 15 Nov 2004, Bart Silverstrim wrote:
...if you're going to start moving it into another direction, it may
be
best to fork that and leave the original recipe alone until the new
direction...
I think you're overstating what the ClamAV team is tr
Tomasz Kojm wrote:
On Mon, 15 Nov 2004 12:04:39 -0800
<[EMAIL PROTECTED]> wrote:
Ken Jones wrote:
I think the thing to remember here is that we are discussing
scanning of email. If the email is malicious, then having clamav
remove it is a good thing in my opinion. Spam (uce/ube) that poses
no thre
On Mon, 15 Nov 2004 12:04:39 -0800
<[EMAIL PROTECTED]> wrote:
> Ken Jones wrote:
> > I think the thing to remember here is that we are discussing
> > scanning of email. If the email is malicious, then having clamav
> > remove it is a good thing in my opinion. Spam (uce/ube) that poses
> > no threa
I can't believe this one subject can create such a mess.
> ClamAv is marketed as an antivirus tool. I think, as you say, there is a
need for a generic anti-malware tool. But don't call it clamav.
Not detecting phishing attempts, would be like allowing Trojans through as
acceptable attachments.
On Nov 15, 2004, at 04:37, Julian Mehnle wrote:
Trog [EMAIL PROTECTED] wrote:
I am, unfortunately, familiar with SpamCop (and all the other similar
'tools'). As a listed contact for over 16million Internet IP
addresses I
receive notices from such 'tools' all the time, and I've *never* had
one that
Ken Jones wrote:
> I think the thing to remember here is that we are discussing scanning
> of email. If the email is malicious, then having clamav remove it is
> a good thing in my opinion. Spam (uce/ube) that poses no threat to
> the user, and is just an anoyance is what SA should be catching.
Cl
I think the thing to remember here is that we are discussing scanning of
email. If the email is malicious, then having clamav remove it is a good
thing in my opinion. Spam (uce/ube) that poses no threat to the user, and
is just an anoyance is what SA should be catching.
Phising poses a threat to y
Brian Morrison [EMAIL PROTECTED] wrote:
> 2) It takes extra work for someone to make the decision, create the
> separate databases etc.
Diego d'Ambra [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > The definition of what _I_ would like ClamAV to detect is: anything
> > that poses a technical
On Mon, 15 Nov 2004, Bart Silverstrim wrote:
> I think (julian's?) original problem was that he didn't see why a virus
> scanner should shoulder the responsibility for every message that goes
> out saying "Hey, click here for k3wl new deals on Mort Gage rat3s!
> Yoove been approved!", when it's not
On Mon, 15 Nov 2004, Bart Silverstrim wrote:
> ...if you're going to start moving it into another direction, it may be
> best to fork that and leave the original recipe alone until the new
> direction...
I think you're overstating what the ClamAV team is trying to accomplish
here. Forget the "sli
Trog wrote:
On Mon, 2004-11-15 at 16:39, Dave Goodrich wrote:
Julian Mehnle wrote:
Am I? I'm just saying that I think that a distinction between technical
attacks and social engineering attacks is possible and meaningful (even if
not everyone would make use of that distinction). That has nothing
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > Counter question: What do have the following in common: 1. tricking a
> > user into clicking a link that takes him to a virus, and 2. tricking a
> > user into clicking a link that takes him to a web page that tricks him
> > into cl
>
> ClamAV should be responsible for detecting objects that are immediately
> dangerous to the user (executables, JPEG exploits, etc.). The user's web
> browser is responsible not to allow untrusted objects from web pages to be
> executed. Those objects don't go through ClamAV as an e-mail scann
Julian Mehnle wrote:
Counter question: What do have the following in common: 1. tricking a
user into clicking a link that takes him to a virus, and 2. tricking a
user into clicking a link that takes him to a web page that tricks him
into clicking on a link that takes him to the virus?
Answer: It'
Hanford, Seth [EMAIL PROTECTED] wrote:
> I agree with Julian that Clam does not seem the logical solution to Spam
> messages.
Please note that I have never talked about ClamAV unwantedly detecting
_spam_. I just talked about social engineering in general and about
phishing in particular.
___
Diego d'Ambra wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:clamav-users-
[EMAIL PROTECTED] On Behalf Of Julian Mehnle
Sent: 15. november 2004 17:54
To: ClamAV users ML
Subject: RE: [Clamav-users] ClamAV should not try to detect phishing
and
othersocial engineering attacks
Trog
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > "technical" := "affecting the technical systems involved in storing
> > and transporting the data items subject to being scanned by ClamAV".
> >
> > "technical threat" := (go figure...)
>
> Would that include viruses that require ac
Hanford, Seth wrote:
Would that include viruses that require action on the part of the
recipient? Included in password protected zips? What is the difference
between tricking a person into opening a password protected zip (which
is not dangerous in its delivered form) and tricking a user into
cli
On Nov 15, 2004, at 12:43 PM, Matt wrote:
If the standard database was segregated, some people would inevitably
cock up their configs and run with partial protection. This can cause
problems not only for themselves, but others, in the case of
propogation.
Whitelist all traffic you want to allow!
Daniel J McDonald [EMAIL PROTECTED] wrote:
> On Mon, 2004-11-15 at 18:00 +0100, Julian Mehnle wrote:
> > What I don't understand is that no one seems to be willing to discuss
> > my proposal of making the signature database modular, i.e. offer
> > social engineering attack signatures separately fro
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Julian Mehnle
> Sent: 15. november 2004 17:54
> To: ClamAV users ML
> Subject: RE: [Clamav-users] ClamAV should not try to detect phishing
and
> othersocial engineering attacks
>
> Trog [E
On Mon, 15 Nov 2004 18:00:32 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> Brian Morrison [EMAIL PROTECTED] wrote:
> > What I am suggesting is that, because you appear to have a
> > requirement that is significantly different from nearly everyone
> > else that has respond
On Nov 15, 2004, at 12:32 PM, Dennis Skinner wrote:
How little user interaction is required before it is considered a
"technical" enough? Require the user to open the attachment? Require
the user to pop their mail?
Technically, most viruses these days are social engineered in some
way. Unlik
> Would that include viruses that require action on the part of the
> recipient? Included in password protected zips? What is the difference
> between tricking a person into opening a password protected zip (which
> is not dangerous in its delivered form) and tricking a user into
> clicking a lin
Julian Mehnle wrote:
> The definition of what _I_ would like ClamAV to detect is: anything
> that poses a technical thread, no matter whether it also poses a
> social/fraud threat or not. That's a clear enough criterion, isn't it?
Again, that can be interpreted in different ways :) What is a
Chris Meadors [EMAIL PROTECTED] wrote:
> How about an e-mail that contains a link that takes one to a webpage
> that exploits the web browser to install a program that will intercept
> the account information the next time the actual site is visited?
That's social engineering.
I know some of you
On Nov 15, 2004, at 12:29 PM, Daniel J McDonald wrote:
clamav kills bad things - that's good, and I'd like it to be able to
continue to kill bad things in the same expedient manner that it has in
the past.
That's not entirely true. There are people who installed it on Windows
and Windows still bo
On Nov 15, 2004, at 12:25 PM, Chris Meadors wrote:
On Mon, 2004-11-15 at 12:12 -0500, Bart Silverstrim wrote:
If it's a bunch of flashy graphics telling you to visit a website for
fantastic deals on hiding money from third world countries while
getting fantastic mortgage rates on your pen1s enlarge
[EMAIL PROTECTED] wanted us to know:
>Why wouldn't you want to scan your home directory for virii? Or scan your
>Windows files over an SMB mount from your Linux box? Or ...
I guess I'm just one of the lucky few who doesn't have to mess with
Windows (except when one of my tenants screws up her Win
Julian Mehnle wrote:
"technical" := "affecting the technical systems involved in storing and
transporting the data items subject to being scanned by ClamAV".
"technical threat" := (go figure...)
Would that include viruses that require action on the part of the
recipient? Included in password prot
On Mon, 2004-11-15 at 18:00 +0100, Julian Mehnle wrote:
> Brian Morrison [EMAIL PROTECTED] wrote:
> > What I am suggesting is that, because you appear to have a requirement
> > that is significantly different from nearly everyone else that has
> > responded in this thread,
> What I don't understa
On Mon, 2004-11-15 at 12:12 -0500, Bart Silverstrim wrote:
> If it's a bunch of flashy graphics telling you to visit a website for
> fantastic deals on hiding money from third world countries while
> getting fantastic mortgage rates on your pen1s enlargement ointment,
> it's for a spam filter.
On Mon, Nov 15, 2004 at 09:17:11AM -0800, Todd Lyons wrote:
> Nigel Horne wanted us to know:
> >On Monday 15 Nov 2004 13:49, Nigel Horne wrote:
> >> FC3 ships with 1.2.1, and RH have yet to issue an update...
> >Mind you, they don't include clam in their distro either, which is
> >surprising.
> I
Nigel Horne wanted us to know:
>On Monday 15 Nov 2004 13:49, Nigel Horne wrote:
>> FC3 ships with 1.2.1, and RH have yet to issue an update...
>Mind you, they don't include clam in their distro either, which is surprising.
I thought that Fedora was aimed for the desktop more than the server,
and
Brian Morrison [EMAIL PROTECTED] wrote:
> "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > Trog [EMAIL PROTECTED] wrote:
> > > Please give a full definition of Spam and Malware/Viruses that do
> > > not intersect, and will never intersect for all future Spam and
> > > Malware such that we can be sure
On Nov 15, 2004, at 11:54 AM, Brian Morrison wrote:
On Mon, 15 Nov 2004 17:48:35 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
But there definitely is a distinction between technical attacks and
social engineering attacks, even though they're somewhat overlapping.
I can't
Trog [EMAIL PROTECTED] wrote:
> What you don't seem to understand is that the "distinction between
> technical attacks and social engineering attacks" is irrelevant, because
> thats not what *any* anti-virus product has as a requirement.
So now you're declaring _my_ requirements irrelevant. I'm n
On Nov 15, 2004, at 11:48 AM, Trog wrote:
Not one of the Clam developers have proposed adding general spam
detection to ClamAV.
You're right. This was an idea being proposed, I thought...a
suggestion. Isn't this something worth going over on a "users" list as
discussion?
Sorry if not... :-/
-B
On Nov 15, 2004, at 11:48 AM, Julian Mehnle wrote:
Matt [EMAIL PROTECTED] wrote:
The problem is that, as yourself and others have mentioned, the
distinction between the different categories are dependant upon
personal
interpretation. What one classes as social engineering, someone else
may
class
On Mon, 2004-11-15 at 16:38, Tomasz Kojm wrote:
> On Mon, 15 Nov 2004 16:28:51 +
> Trog <[EMAIL PROTECTED]> wrote:
>
> > Yes, I thought that as well. I wondered if that would be different if
> > there was a Gnome Clam scanner something else thats on my TODO
> > list, which just seems to ge
Brian Morrison [EMAIL PROTECTED] wrote:
> What I am suggesting is that, because you appear to have a requirement
> that is significantly different from nearly everyone else that has
> responded in this thread,
(I don't think you're judging the proportions correctly.)
> you are in the best positio
On Mon, 2004-11-15 at 16:53, Julian Mehnle wrote:
> Trog [EMAIL PROTECTED] wrote:
> > Please give a full definition of Spam and Malware/Viruses that do not
> > intersect, and will never intersect for all future Spam and Malware such
> > that we can be sure we know what you are requesting.
>
> The
On Mon, 15 Nov 2004 17:53:31 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> Trog [EMAIL PROTECTED] wrote:
> > Please give a full definition of Spam and Malware/Viruses that do
> > not intersect, and will never intersect for all future Spam and
> > Malware such that we can
On Mon, 2004-11-15 at 16:48, Julian Mehnle wrote:
> I have not tried to make a distinction between social engineering and
> malware. Those are orthogonal concepts. But there definitely is a
> distinction between technical attacks and social engineering attacks, even
> though they're somewhat ove
On Mon, 15 Nov 2004 16:51:07 + in
[EMAIL PROTECTED] "Paul Dobson"
<[EMAIL PROTECTED]> wrote:
> When I look in the directory that file is not there but there is
> libclamav.1.0.3.dylib.
>
> Anybody any ideas on how to fix this?
A symlink from the libclamav.1.0.3.dylib to libclamv.1.dylib
On Mon, 15 Nov 2004 17:48:35 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> But there definitely is a distinction between technical attacks and
> social engineering attacks, even though they're somewhat overlapping.
I can't see logically how things that are distinct can
Trog [EMAIL PROTECTED] wrote:
> Please give a full definition of Spam and Malware/Viruses that do not
> intersect, and will never intersect for all future Spam and Malware such
> that we can be sure we know what you are requesting.
The definition of what _I_ would like ClamAV to detect is: anythi
On Mon, 15 Nov 2004 17:30:39 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> > You can easily do what you want provided you are prepared to put
> > the time and effort into doing it. Meanwhile everyone else will
> > continue to use the hard work of the ClamAV team to its
On Mon, 2004-11-15 at 16:39, Dave Goodrich wrote:
> Julian Mehnle wrote:
> >
> > Am I? I'm just saying that I think that a distinction between technical
> > attacks and social engineering attacks is possible and meaningful (even if
> > not everyone would make use of that distinction). That has n
Matt [EMAIL PROTECTED] wrote:
> The problem is that, as yourself and others have mentioned, the
> distinction between the different categories are dependant upon personal
> interpretation. What one classes as social engineering, someone else may
> class as, for example, malware. Even though they ca
I have just uninstalled clamav 0.70 and installed clamav 0.80 on MacOSX.
Clamav itself seems to be working ok but freshclam fails to start with an
error message saying that it cannot open /usr/local/lib/libclamav.1.dylib.
When I look in the directory that file is not there but there is
libclamav.
On Mon, Nov 15, 2004 at 11:43:41AM -0500, Tamouh H. wrote:
> Is there an alternative to configure ClamAV to scan exim outgoing mail
> without using the mailscanner package ?
ExiScan comes to mind:
http://duncanthrax.net/exiscan-acl/
--
Riemer Palstra
[EMAIL PROTECTED]
_
Julian Mehnle wrote:
Dennis Skinner [EMAIL PROTECTED] wrote:
Julian Mehnle wrote:
Besides, if mail servers started using SPF (or similar authentication
techniques) to verify envelope sender addresses, whoever publishes SPF
records for his domains would be
Not to start another flame war, but I find
On Mon, 15 Nov 2004 16:28:51 +
Trog <[EMAIL PROTECTED]> wrote:
> Yes, I thought that as well. I wondered if that would be different if
> there was a Gnome Clam scanner something else thats on my TODO
> list, which just seems to get bigger all the time.
Take a look at:
http://wolfpack.twu
On Nov 15, 2004, at 11:14 AM, jef moskot wrote:
On Mon, 15 Nov 2004, Bart Silverstrim wrote:
I'd say leave it to the antispammers to hammer out, and to the people
who focus on bayes filters...
In my case, if Clam has a chance to see the phishing e-mail, the
anti-spam
tactics have already failed.
Julian Mehnle wrote:
> > > Thanks, but the point of my question was that I wanted to know
> > > whether there are more "social engineering" signature in the
> > > database than just phishing ones.
Apologies. I misinterpreted that question.
> > Yes, there are. E.g. HTML.Mydoom.email-gen-1 and ot
Brian Morrison [EMAIL PROTECTED] wrote:
> "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > You're trying to kid me, right? I'm not going to be scared away just
> > because you wish to take a fundamentalist position that ClamAV should
> > _not_ offer an option to ignore social engineering attacks eve
On Mon, 2004-11-15 at 16:21, Bart Silverstrim wrote:
> It is not a hard nosed approach to protocols or what is or isn't a
> virus, it's (to me) the possibility that taking on spam with signatures
> is losing focus of the objective to Clam. When projects lose focus,
> the quality degrades, and
On Mon, 2004-11-15 at 16:27, Nigel Horne wrote:
> On Monday 15 Nov 2004 13:49, Nigel Horne wrote:
> > FC3 ships with 1.2.1, and RH have yet to issue an update...
>
> Mind you, they don't include clam in their distro either, which is surprising.
>
Yes, I thought that as well. I wondered if that w
Hi !
Is there an alternative to configure ClamAV to scan exim outgoing mail
without using the mailscanner package ?
Thx,
Tamouh Hakmi
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Monday 15 Nov 2004 13:49, Nigel Horne wrote:
> FC3 ships with 1.2.1, and RH have yet to issue an update...
Mind you, they don't include clam in their distro either, which is surprising.
-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTE
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > Besides, if mail servers started using SPF (or similar authentication
> > techniques) to verify envelope sender addresses, whoever publishes SPF
> > records for his domains would be
>
> Not to start another flame war, but I find it
On Nov 15, 2004, at 10:40 AM, Dennis Skinner wrote:
Julian Mehnle wrote:
Besides, if mail servers started
using SPF (or similar authentication techniques) to verify envelope
sender
addresses, whoever publishes SPF records for his domains would be
Not to start another flame war, but I find it inte
On Mon, 15 Nov 2004, Bart Silverstrim wrote:
> I'd say leave it to the antispammers to hammer out, and to the people
> who focus on bayes filters...
In my case, if Clam has a chance to see the phishing e-mail, the anti-spam
tactics have already failed. So, from my point of view, this is extra
pro
On Mon, 15 Nov 2004 13:37:04 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> You're trying to kid me, right? I'm not going to be scared away just
> because you wish to take a fundamentalist position that ClamAV should
> _not_ offer an option to ignore social engineering
Julian Mehnle wrote:
Besides, if mail servers started
using SPF (or similar authentication techniques) to verify envelope sender
addresses, whoever publishes SPF records for his domains would be
Not to start another flame war, but I find it interesting that you take
such a hard-nosed approach to
Tomasz Kojm [EMAIL PROTECTED] wrote:
> "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > Thanks, but the point of my question was that I wanted to know whether
> > there are more "social engineering" signature in the database than
> > just phishing ones.
>
> Yes, there are. E.g. HTML.Mydoom.email-gen-
Graham Toal [EMAIL PROTECTED] wrote:
> Haven't you had any privacy issues from your users yet? Maybe a real
> mail wrongly filed, with a subject line and a from address which gave
> away something they'd rather was not public?
The public table is just a static snapshot I took and anonymized befor
On Mon, 15 Nov 2004 16:02:03 +0100
"Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> Matt [EMAIL PROTECTED] wrote:
> > Julian Mehnle wrote:
> > > I might be able to remove the signatures I don't want, but I would
> > > still have to know if there is "an authoritative hierarchy of
> > > signature names
Matt [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > I might be able to remove the signatures I don't want, but I would
> > still have to know if there is "an authoritative hierarchy of
> > signature names from which I can see what hierarchy branches
> > ('HTML.Phishing.*', etc.)" I would have
> Matt [EMAIL PROTECTED] wrote:
> > Nice layout, BTW.
>
> Thanks. I'll probably have to improve it a bit, though, because the table
> is far too wide for most screens.
Haven't you had any privacy issues from your users yet? Maybe a real
mail wrongly filed, with a subject line and a from address
On Nov 15, 2004, at 8:26 AM, jef moskot wrote:
On Mon, 15 Nov 2004, Trog wrote:
For example, the last Bagle (or Bofra) outbreak simply sent an email
to
it's target victims, who then have to click on a link to download the
Worm. According to your definition, that is a 'social' attack, and
should no
Julian Mehnle wrote:
> Pardon me, Trog offered me two options, of which "user another product"
> was the first. If that isn't scaring me away for you, then I don't know
> what is.
That was just another alternative :)
> I might be able to remove the signatures I don't want, but I would still
>
Steve Brown [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > http://julian.io.link-m.de/misc/rejected-messages
>
> Very nice. What did you use to create that?
I am using Courier as my MTA and the self developed, Perl-based
Courier::Filter for rejecting messages. I wrote a logger module for
Cou
Matt [EMAIL PROTECTED] wrote:
> Trog wrote:
> > I'm not trying to "scare you away", I really don't care what you do.
> >
> > I've told you how you can easily do what you want, using ClamAV.
>
> As Trog has already mentioned, you can simply remove the phishing
> signatures from the database. This i
Daniel J McDonald [EMAIL PROTECTED] wrote:
> On Mon, 2004-11-15 at 08:26 -0500, jef moskot wrote:
> > Personally, I don't think much of SpamCop, but I do see that as
> > Julian's most compelling argument. I think that warrants a ClamAV
> > option, but I also think it would be ill-advised to use it
Julian Mehnle wrote:
> Instead I outright reject unwanted messages during the SMTP
> transaction, so the sender gets notified. My users can see what
> messages have been rejected by skimming over a list of recently rejected
> messages once or twice a week (see an example here[1]). This practice
>
On Mon, 2004-11-15 at 13:49 +, Nigel Horne wrote:
> FC3 ships with 1.2.1, and RH have yet to issue an update...
ditto for Mandrake 10.1
I think that might change if the zlib team would update
http://www.gzip.org/zlib which is described as the "canonical URL" ...
--
Daniel J McDonald, CCIE
Trog wrote:
> > You're trying to kid me, right? I'm not going to be scared away just
> > because you wish to take a fundamentalist position that ClamAV should
> > _not_ offer an option to ignore social engineering attacks even though
> > they are clearly different from technical attacks.
>
> I'm
1 - 100 of 113 matches
Mail list logo
