On Nov 15, 2004, at 12:25 PM, Chris Meadors wrote:
On Mon, 2004-11-15 at 12:12 -0500, Bart Silverstrim wrote:
If it's a bunch of flashy graphics telling you to visit a website for fantastic deals on hiding money from third world countries while getting fantastic mortgage rates on your pen1s enlargement ointment, it's for a spam filter.
If it only does harm if you follow a link and then consciously give your account information, be it ebay or bank or paypal, to a third party site, it's for the spam filter.
howzat? :-)
How about an e-mail that contains a link that takes one to a webpage that exploits the web browser to install a program that will intercept the account information the next time the actual site is visited?
Hmm...if it is scripted so no user intervention is necessary for it to run, it's an executable script, so it's clam.
If it is something like "click here to see Anna Kournakova NUDE!" and is just a plain URL, no exploit, then it's spam.
Otherwise, you're talking about something that makes just as much sense to integrate Clam into Squid to scan all traffic streaming through the web proxy...keep users from being able to view this site, it contains harmful code for their computer! Actually if this is a threat, maybe more work should be put into making the file-access-scanner daemon more stable and keeping definitions on the users Windows machine updated for their Windows AV scanner.
The actual harm to the computer in your example still came from the user doing something beyond reasonable safety...being duped into going to a website. The mail itself was harmless. The bug should be patched in the browser so it shouldn't happen. The program getting on the system is no different from any other spyware vector installation.
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
