It's a good idea. I'd love to see some statistics about it's effectiveness
/ false positive rate. At the very worst, if it disabled the link, it
wouldn't be that bad.
Regards,
KAm
http://bogus.site.com/.cgi/ebay/cgi";>https://secure.ebay.com
Got that? If the URL *text* in the hyperlink doesn'
We are and it is there in two different places if I remember right! As I
mentioned before, out TOS allows us to charge a customer cleanup fees if we
catch them spamming as well. Anyway, we tell our attorneys what we want to
accomplish... they put it down in legaleze. ;-)
Jim
On Wed, 23 Mar 2005
Hehe, you have never dealt with the newer forms of the browser hijacks then,
they usually exploit a vunderability in windows or use social engineering to
get on a PC (not much I can do but educate customers on the latter,
auto-updates are hopefully taking care of the former as best it can). Once a
> Date: Wed, 23 Mar 2005 10:27:26 -0500
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)
>
> I agree... unfortunately most of our clients use windoze and most IE and
> even
> with auto upda
James Ebright wrote:
> I agree... unfortunately most of our clients use windoze and most IE and even
> with auto updates it seems many still manage to get spyware etc on their PC
> once in a while...
But as a general security principle: If I control the computer outside
the gateway, *and* I contr
> >> Since defang is a single user, you just need 1 license but 5 is the
> >> minimum to purchase.
> >
> > I never tried this one with vendors! They accept this?
>
> Probably not... They couldn't stay in business by selling you one license
> to use for say 10,000 users. Most likely they want a
Joseph Brennan wrote:
> I didn't think of getting this from an AV product, and it is
> definitely an interesting reason to run one.
Among the other viruses/exploits that were stopped by my gateways (which run
CLAMD and othe AV engines), my morning statistics showed these numbers, for
phishing exp
I agree... unfortunately most of our clients use windoze and most IE and even
with auto updates it seems many still manage to get spyware etc on their PC
once in a while...
Its as the saying goes.. give me strength to change what I can change, give me
courage to accept the things I cannot change,
Joseph Brennan wrote:
--On Tuesday, March 22, 2005 14:29 -0500 "Kevin A. McGrail"
<[EMAIL PROTECTED]> wrote:
Since defang is a single user, you just need 1 license but 5 is the
minimum to purchase.
I never tried this one with vendors! They accept this?
The consensus seems to be that McAfee at l
Roland Pope <[EMAIL PROTECTED]> noted,
You would need to reject HTML email too to prevent HTML exploits (Unless
you are using text only mail readers).
That's right. We disable iframe, script and object tags in html.
And I guess Phishing attacks are not strictly viruses, even though many
AV vendor
James Ebright wrote:
> The other phishing it does not catch are the ones where the end users hosts
> file has been altered to point secure.ebay.com to a different IP.
If someone is managing to alter the end-user hosts file, then the end-user
has already lost the battle. He/she no longer owns the
On Wed, 23 Mar 2005, Joseph Brennan wrote:
Since defang is a single user, you just need 1 license but 5 is the
minimum to purchase.
I never tried this one with vendors! They accept this?
Probably not... They couldn't stay in business by selling you one license
to use for say 10,000 users. Most
The other phishing it does not catch are the ones where the end users hosts
file has been altered to point secure.ebay.com to a different IP. The only
reliable way to catch those I have seen is to compare the originating relayed
server with a list of known good ones... which is a kludge as this bre
--On Tuesday, March 22, 2005 14:29 -0500 "Kevin A. McGrail"
<[EMAIL PROTECTED]> wrote:
Since defang is a single user, you just need 1 license but 5 is the
minimum to purchase.
I never tried this one with vendors! They accept this?
Joseph Brennan
Academic Technologies Group, Academic Informati
On Wed, 23 Mar 2005, Roland Pope wrote:
> You would need to reject HTML email too to prevent HTML exploits
I reject almost all HTML e-mail; there are very specific conditions
that have to be met for HTML mail to get through my filter.
> (Unless you are using text only mail readers).
I used to u
David Skoll wrote:
> > (Well, OK. Some RP employees use Windoze at home, and I suppose they
> > might check their e-mail from home, so Clam probably is more useful
> > than I'm admitting... grumble grumble...)
>
> My colleague Dave O'Neill pointed out that Clam has signatures
> against phishing
- Original Message -
From: "Joseph Brennan" <[EMAIL PROTECTED]>
We run no AV scanners, because we reject mail with executable file
attachments and zip files. To my knowledge we have accepted absolutely
zero email viruses in the two years or so since we implemented this.
Mimedefang made th
--On Tuesday, March 22, 2005 4:37 PM -0500 "David F. Skoll"
<[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
I have heard people ask, "how many AV scanners should I run"?
Some say "one" - some say "as many as you can get".
The McAfee exploit leads me to say "two"
I say: You should run zero AV
Kevin A. McGrail wrote:
> How can you content differentiate
> between a "real" and a phish without something like SURBL?
The Mailscanner guy has a fairly effective heuristic that really
should be plugged into SpamAssassin. He looks for something like this:
http://bogus.site.com/.cgi/ebay/cgi";
Do any commercial AV scanners have phishing signatures? If not, that's
a very strong argument for Clam.
Yes and no. Because Phishing is such a growing concern, EVERYONE is
addressing it in some manner.
For example, I know there are signatures like Phish-BankFraud.eml.X in
McAfee (http://vil.mc
Damrose, Mark wrote:
I run Clam on MD acting as a relay to an Exchange server running McAfee.
Before I upgraded to a version of Clam that would catch phishing e-mails,
the McAfee would regularly catch them. There is still an occasional one
that McAfee catches that slipped past Clam. I have no clu
> -Original Message-
> From: David F. Skoll
> My colleague Dave O'Neill pointed out that Clam has
> signatures against phishing attacks (which are
> platform-independent.) It blocks about six per day for us.
>
> Do any commercial AV scanners have phishing signatures? If
> not, that's
Kevin A. McGrail wrote:
> Finally, while I appreciate the security notice, I think we can all
> agree that virus scanning is only useful if you are running the
> latest engine and signatures regardless of the software used. So for
> the benefit of others using McAfee, the McAfee 4440 engine patche
Following up on myself...
> (Well, OK. Some RP employees use Windoze at home, and I suppose they
> might check their e-mail from home, so Clam probably is more useful
> than I'm admitting... grumble grumble...)
My colleague Dave O'Neill pointed out that Clam has signatures
against phishing attac
[EMAIL PROTECTED] wrote:
> I have heard people ask, "how many AV scanners should I run"?
> Some say "one" - some say "as many as you can get".
> The McAfee exploit leads me to say "two"
I say: You should run zero AV scanners, because you should not be running
systems that are susceptible to e-mai
To clarify, I am not recommending a go with the flow attitude. I am
recommending a multi-tiered approach including something
customers/bosses/colleagues/whatever recognize so you don't have to list to
them when a virus does get through. I highly recommend using bad extensions
and zip checking
http://secunia.com/advisories/14628/
Also, refering to previous av posts, I don't use a product because it is
"popular," I might use it because of its reputation in the field. Mostly, I
use products that work... my customers care not if I use McAfee, Norton, etc..
they care that they are protected
27 matches
Mail list logo