On Friday 02 Dec 2005 07:44, Robert Menschel wrote: > Hello User, > > Thursday, December 1, 2005, 4:26:43 PM, you wrote: > > UfSML> SARE_FRAUD was suggested but would this be a duplication when > UfSML> we are running clamd virus scanner on all the mail? > > I don't think so. The fraud rules file is aimed at phishing emails. > If clamd catches your phishing emails, then yes, it'd be a > duplication. If clamd doesn't do too good a job on phish, then the > fraud rules would be worth having.
When ClamAV 0.90 finally comes out it will be possible to disable the detection of phishes as malware, so some people may consider SA rule sets like SARE_FRAUD a more appropriate detection mechanism than AV software. See <http://www.clamav.net/faq.html#pagestart> (item 13). At the moment I have to use a condition in an Exim ACL to exclude HTML.Phishing.* "malware" from being discarded so that it can be filtered an reported. -- Rob Skedgell <[EMAIL PROTECTED]>
pgpK7EUBJftst.pgp
Description: PGP signature
