Damian Menscher wrote:
Please don't. Phishing attempts do not automatically propagate (by
infecting a machine and being re-sent) and therefore are generally
one-time events. As such, they can be trivially changed to evade any
signature-based filter, which must obviously generate a signature
_after_ the release of each phishing email. As a result, blocking of
phishing schemes is best left to anti-spam tools such as SpamAssassin.
In contrast, once a virus (or other auto-propagating code) is released,
the author no longer has control, so signatures can be developed.
I have a lot of those "one-time events" that clamav blocks.
On my installation, I see about the same number of phishing-mails
being block by clamav than the somefool-virus.
It certainly helps my users.
--
Paul Bijnens, Xplanation Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: [EMAIL PROTECTED]
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
