"Oliver Stöneberg" <[EMAIL PROTECTED]> wrote in
news:[EMAIL PROTECTED]
That might be right, but the creator of the Phihsing signatures
(Sven) is pretty serious about what he is doing.
Thanks. :) The reason, because I create so much Phishing sigs is very
simple: I prefer this type of malware, but I create(d) sigs for other
malware as well. I'm not the only sigmaker who created/creates Phishing
sigs, Trog did/does a good job, too.
> Also, I would add that I have submitted a few of these phishes to
> ClamAV's virus submission and they all seem to get discarded without
> comment.
Very bad, I had the same problem, so at one step I decided to send
the creator of the Phishing sigantures a private message with a link
to all my undetected Phishings and he looked at it and two days later
he did a pretty big update adding signatues for almost all my
signatures and cleaning house with a lot of old submissions. I am not
sure how the process is working, but if you submit samples, you can
chose "Phishing" and I guess in the first place we will only look at
those mails. I am not sure how to decide which sigantues will be
added in the first place. I also had a lot of positive experiences as
some actual Phishings were added within hours to the signatures. I am
getting access to a big archive of Phishing mails today and I will
check them and see, which still aren't detected by ClamAV and submit
them.
We have a automated rating-system in our interface (which "counts" similar
submissions) and I've a lot of email-addresses where I receive phishing
mails, too. - And that's how _I_ priorize the sigs/submissions. :)
But _no_ submission is lost. If we get not much samples and a submission
looks very exotic, we don't create a sig for it very quickly.
There is a signature maker, that is only doing Phishing signatures,
so that's not true, that he is busy doing virus signatures
see above :-D
We create sigs in our spare time, so that's another factor: I was on a
boring seminar the whole last week and hadn't time to create sigs :(.
I do trust you to do signatures, I even gave you a lot of mails, but
I think you should really remove the signatures of the mails, that
ClamAV already detects and you should also submit your undetected
mails to ClamAV or Sven directly.
Please submit them via the IFace (http://www.clamav.net/sendvirus.html) with
the origin "Phishing", so that I can find these samples quickly. Please
contact me only in special cases directly.
Best regards,
Sven
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
