On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at least to me it appears to be stopping) various phishing attempts. Or am I wrong?
If this is the case, I will start submitting phishing attemps I see (I probably get 3 - 4 a day).
Please don't. Phishing attempts do not automatically propagate (by infecting a machine and being re-sent) and therefore are generally one-time events. As such, they can be trivially changed to evade any signature-based filter, which must obviously generate a signature _after_ the release of each phishing email. As a result, blocking of phishing schemes is best left to anti-spam tools such as SpamAssassin. In contrast, once a virus (or other auto-propagating code) is released, the author no longer has control, so signatures can be developed.
There was a discussion about this several months ago. Unfortunately, many people (including part of the signature-generation team) are too dogmatic about their feelings that "phishing is bad, so we should block it" to look at it logically.
Damian Menscher
Is it causing you (or anyone for that matter) a problem by clamav catching some phishing attempts as opposed to spamassassin catching them? Whats really the issue here? You just dont believe clamav is the right tool for that job, but is there REALLY a problem? I doubt it.
If my car is broken usually I take it to a mechanic. But if a friend of mine who happens to be a plumber can fix it also, does it really matter if I bring it to him instead? No.
-Jim _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
