Give the --postmaster-only option to clamav-milter.
-Nigel
On Mon, 2004-11-29 at 18:50, Mark Penkower wrote:
> How do I get clamav to not cc the intended user with the virus notification
> message?
>
> Thanks
>
>
> Mark Penkower
>
>
> At 01:51 PM 11/15/2004, you wrote:
> >Brian Morrison [E
On Mon, 29 Nov 2004 13:50:40 -0500 in
[EMAIL PROTECTED] Mark Penkower
<[EMAIL PROTECTED]> wrote:
> How do I get clamav to not cc the intended user with the virus
> notification message?
ClamAV doesn't do that, it is your MTA that does it.
--
Brian Morrison
bdm at fenrir dot org dot uk
GnuP
How do I get clamav to not cc the intended user with the virus notification
message?
Thanks
Mark Penkower
At 01:51 PM 11/15/2004, you wrote:
Brian Morrison [EMAIL PROTECTED] wrote:
> 2) It takes extra work for someone to make the decision, create the
> separate databases etc.
Diego d'Ambra [EMAIL
Anouncing a NEW phishing threat ... this is an excerpt from winXP news ...
how to disable the Windows Scripting Host (WSH) to prevent an insidious
new "phishing" technique that uses a script to redirect you to a
fraudulent Web site when you log on to do online banking.
So some of the phishing atta
> On Tue, 16 Nov 2004, Julian Mehnle wrote:
Announcingple require machines as desperately as that to prevent themselves
>> from falling for fraud attempts...
>
> ...then they're pretty much behaving in the manner humanity always has and
> always will.
>
>> To those of you who argue that ClamAV sho
On Tue, 16 Nov 2004, Julian Mehnle wrote:
> If people require machines as desperately as that to prevent themselves
> from falling for fraud attempts...
...then they're pretty much behaving in the manner humanity always has and
always will.
> To those of you who argue that ClamAV should detect ph
On Tue, 16 Nov 2004 at 1:31:22 +0100, Julian Mehnle wrote:
>
> If people require machines as desperately as that to prevent themselves
> from falling for fraud attempts, humanity is truly doomed.
>
It already is ;-) .
Anybody who doubts it can have a look:
http://www.manbottle.com/humor/Furthe
On Tue, 16 Nov 2004 01:31:22 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> If people require machines as desperately as that to prevent
> themselves from falling for fraud attempts, humanity is truly doomed.
It always has been. Never mind the quality, feel the *width*.
Matt [EMAIL PROTECTED] wrote:
> > > > > Thanks, but the point of my question was that I wanted to know
> > > > > whether there are more "social engineering" signature in the
> > > > > database than just phishing ones.
>
> Getting back to the somewhat original question, if you download the
> signatu
Ken Jones [EMAIL PROTECTED] wrote:
> Knowing two "freinds" that have responded to phising emails and what it
> took afterwards to correct the problem . they would beg you to
> remove the possability of this threat.
Bit Fuzzy [EMAIL PROTECTED] wrote:
> I'm sorry, but I personally know 7 people
> > > > Thanks, but the point of my question was that I wanted to know
> > > > whether there are more "social engineering" signature in the
> > > > database than just phishing ones.
Getting back to the somewhat original question, if you download the
signatures.pdf from the Clam website, that gi
Bart Silverstrim wrote:
I find it interesting though that I've yet to hear from anyone
commenting on my proposal to create a filter that will extract and
convert all emails into pure text, or reformat it so only certain things
can get through as an attachment with a pure text message so it would
Brian Morrison [EMAIL PROTECTED] wrote:
> 2) It takes extra work for someone to make the decision, create the
> separate databases etc.
Diego d'Ambra [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > The definition of what _I_ would like ClamAV to detect is: anything
> > that poses a technical
Trog wrote:
On Mon, 2004-11-15 at 16:39, Dave Goodrich wrote:
Julian Mehnle wrote:
Am I? I'm just saying that I think that a distinction between technical
attacks and social engineering attacks is possible and meaningful (even if
not everyone would make use of that distinction). That has nothing
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > Counter question: What do have the following in common: 1. tricking a
> > user into clicking a link that takes him to a virus, and 2. tricking a
> > user into clicking a link that takes him to a web page that tricks him
> > into cl
>
> ClamAV should be responsible for detecting objects that are immediately
> dangerous to the user (executables, JPEG exploits, etc.). The user's web
> browser is responsible not to allow untrusted objects from web pages to be
> executed. Those objects don't go through ClamAV as an e-mail scann
Julian Mehnle wrote:
Counter question: What do have the following in common: 1. tricking a
user into clicking a link that takes him to a virus, and 2. tricking a
user into clicking a link that takes him to a web page that tricks him
into clicking on a link that takes him to the virus?
Answer: It'
Hanford, Seth [EMAIL PROTECTED] wrote:
> I agree with Julian that Clam does not seem the logical solution to Spam
> messages.
Please note that I have never talked about ClamAV unwantedly detecting
_spam_. I just talked about social engineering in general and about
phishing in particular.
___
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > "technical" := "affecting the technical systems involved in storing
> > and transporting the data items subject to being scanned by ClamAV".
> >
> > "technical threat" := (go figure...)
>
> Would that include viruses that require ac
On Nov 15, 2004, at 12:43 PM, Matt wrote:
If the standard database was segregated, some people would inevitably
cock up their configs and run with partial protection. This can cause
problems not only for themselves, but others, in the case of
propogation.
Whitelist all traffic you want to allow!
On Mon, 15 Nov 2004 18:00:32 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> Brian Morrison [EMAIL PROTECTED] wrote:
> > What I am suggesting is that, because you appear to have a
> > requirement that is significantly different from nearly everyone
> > else that has respond
On Nov 15, 2004, at 12:32 PM, Dennis Skinner wrote:
How little user interaction is required before it is considered a
"technical" enough? Require the user to open the attachment? Require
the user to pop their mail?
Technically, most viruses these days are social engineered in some
way. Unlik
Julian Mehnle wrote:
> The definition of what _I_ would like ClamAV to detect is: anything
> that poses a technical thread, no matter whether it also poses a
> social/fraud threat or not. That's a clear enough criterion, isn't it?
Again, that can be interpreted in different ways :) What is a
Chris Meadors [EMAIL PROTECTED] wrote:
> How about an e-mail that contains a link that takes one to a webpage
> that exploits the web browser to install a program that will intercept
> the account information the next time the actual site is visited?
That's social engineering.
I know some of you
On Nov 15, 2004, at 12:29 PM, Daniel J McDonald wrote:
clamav kills bad things - that's good, and I'd like it to be able to
continue to kill bad things in the same expedient manner that it has in
the past.
That's not entirely true. There are people who installed it on Windows
and Windows still bo
On Nov 15, 2004, at 12:25 PM, Chris Meadors wrote:
On Mon, 2004-11-15 at 12:12 -0500, Bart Silverstrim wrote:
If it's a bunch of flashy graphics telling you to visit a website for
fantastic deals on hiding money from third world countries while
getting fantastic mortgage rates on your pen1s enlarge
Julian Mehnle wrote:
"technical" := "affecting the technical systems involved in storing and
transporting the data items subject to being scanned by ClamAV".
"technical threat" := (go figure...)
Would that include viruses that require action on the part of the
recipient? Included in password prot
On Mon, 2004-11-15 at 18:00 +0100, Julian Mehnle wrote:
> Brian Morrison [EMAIL PROTECTED] wrote:
> > What I am suggesting is that, because you appear to have a requirement
> > that is significantly different from nearly everyone else that has
> > responded in this thread,
> What I don't understa
On Mon, 2004-11-15 at 12:12 -0500, Bart Silverstrim wrote:
> If it's a bunch of flashy graphics telling you to visit a website for
> fantastic deals on hiding money from third world countries while
> getting fantastic mortgage rates on your pen1s enlargement ointment,
> it's for a spam filter.
Brian Morrison [EMAIL PROTECTED] wrote:
> "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > Trog [EMAIL PROTECTED] wrote:
> > > Please give a full definition of Spam and Malware/Viruses that do
> > > not intersect, and will never intersect for all future Spam and
> > > Malware such that we can be sure
On Nov 15, 2004, at 11:54 AM, Brian Morrison wrote:
On Mon, 15 Nov 2004 17:48:35 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
But there definitely is a distinction between technical attacks and
social engineering attacks, even though they're somewhat overlapping.
I can't
Trog [EMAIL PROTECTED] wrote:
> What you don't seem to understand is that the "distinction between
> technical attacks and social engineering attacks" is irrelevant, because
> thats not what *any* anti-virus product has as a requirement.
So now you're declaring _my_ requirements irrelevant. I'm n
On Nov 15, 2004, at 11:48 AM, Trog wrote:
Not one of the Clam developers have proposed adding general spam
detection to ClamAV.
You're right. This was an idea being proposed, I thought...a
suggestion. Isn't this something worth going over on a "users" list as
discussion?
Sorry if not... :-/
-B
On Nov 15, 2004, at 11:48 AM, Julian Mehnle wrote:
Matt [EMAIL PROTECTED] wrote:
The problem is that, as yourself and others have mentioned, the
distinction between the different categories are dependant upon
personal
interpretation. What one classes as social engineering, someone else
may
class
Brian Morrison [EMAIL PROTECTED] wrote:
> What I am suggesting is that, because you appear to have a requirement
> that is significantly different from nearly everyone else that has
> responded in this thread,
(I don't think you're judging the proportions correctly.)
> you are in the best positio
On Mon, 2004-11-15 at 16:53, Julian Mehnle wrote:
> Trog [EMAIL PROTECTED] wrote:
> > Please give a full definition of Spam and Malware/Viruses that do not
> > intersect, and will never intersect for all future Spam and Malware such
> > that we can be sure we know what you are requesting.
>
> The
On Mon, 15 Nov 2004 17:53:31 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> Trog [EMAIL PROTECTED] wrote:
> > Please give a full definition of Spam and Malware/Viruses that do
> > not intersect, and will never intersect for all future Spam and
> > Malware such that we can
On Mon, 2004-11-15 at 16:48, Julian Mehnle wrote:
> I have not tried to make a distinction between social engineering and
> malware. Those are orthogonal concepts. But there definitely is a
> distinction between technical attacks and social engineering attacks, even
> though they're somewhat ove
On Mon, 15 Nov 2004 17:48:35 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:
> But there definitely is a distinction between technical attacks and
> social engineering attacks, even though they're somewhat overlapping.
I can't see logically how things that are distinct can
Trog [EMAIL PROTECTED] wrote:
> Please give a full definition of Spam and Malware/Viruses that do not
> intersect, and will never intersect for all future Spam and Malware such
> that we can be sure we know what you are requesting.
The definition of what _I_ would like ClamAV to detect is: anythi
On Mon, 2004-11-15 at 16:39, Dave Goodrich wrote:
> Julian Mehnle wrote:
> >
> > Am I? I'm just saying that I think that a distinction between technical
> > attacks and social engineering attacks is possible and meaningful (even if
> > not everyone would make use of that distinction). That has n
Matt [EMAIL PROTECTED] wrote:
> The problem is that, as yourself and others have mentioned, the
> distinction between the different categories are dependant upon personal
> interpretation. What one classes as social engineering, someone else may
> class as, for example, malware. Even though they ca
Julian Mehnle wrote:
Dennis Skinner [EMAIL PROTECTED] wrote:
Julian Mehnle wrote:
Besides, if mail servers started using SPF (or similar authentication
techniques) to verify envelope sender addresses, whoever publishes SPF
records for his domains would be
Not to start another flame war, but I find
Julian Mehnle wrote:
> > > Thanks, but the point of my question was that I wanted to know
> > > whether there are more "social engineering" signature in the
> > > database than just phishing ones.
Apologies. I misinterpreted that question.
> > Yes, there are. E.g. HTML.Mydoom.email-gen-1 and ot
Dennis Skinner [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > Besides, if mail servers started using SPF (or similar authentication
> > techniques) to verify envelope sender addresses, whoever publishes SPF
> > records for his domains would be
>
> Not to start another flame war, but I find it
Tomasz Kojm [EMAIL PROTECTED] wrote:
> "Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> > Thanks, but the point of my question was that I wanted to know whether
> > there are more "social engineering" signature in the database than
> > just phishing ones.
>
> Yes, there are. E.g. HTML.Mydoom.email-gen-
On Mon, 15 Nov 2004 16:02:03 +0100
"Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> Matt [EMAIL PROTECTED] wrote:
> > Julian Mehnle wrote:
> > > I might be able to remove the signatures I don't want, but I would
> > > still have to know if there is "an authoritative hierarchy of
> > > signature names
Matt [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > I might be able to remove the signatures I don't want, but I would
> > still have to know if there is "an authoritative hierarchy of
> > signature names from which I can see what hierarchy branches
> > ('HTML.Phishing.*', etc.)" I would have
Julian Mehnle wrote:
> Pardon me, Trog offered me two options, of which "user another product"
> was the first. If that isn't scaring me away for you, then I don't know
> what is.
That was just another alternative :)
> I might be able to remove the signatures I don't want, but I would still
>
Matt [EMAIL PROTECTED] wrote:
> Trog wrote:
> > I'm not trying to "scare you away", I really don't care what you do.
> >
> > I've told you how you can easily do what you want, using ClamAV.
>
> As Trog has already mentioned, you can simply remove the phishing
> signatures from the database. This i
On Nov 14, 2004, at 9:14 PM, Jason Haar wrote:
This is a "me too". I am ABSOLUTELY in love with ClamAV due to the
fact it has gone beyond what most commercial AV players are doing, and
is incorporating scanning for phishing and spyware.
If you follow the industry, you will see that most AV vendo
This is a "me too". I am ABSOLUTELY in love with ClamAV due to the fact
it has gone beyond what most commercial AV players are doing, and is
incorporating scanning for phishing and spyware.
If you follow the industry, you will see that most AV vendors are
bringing out *separate* products to det
> BitFuzzy [EMAIL PROTECTED] wrote:
> > So blocking [social engineering attacks] can only be seen as a good
> > thing.
>
> I disagree, and I already explained why.
>
> I don't even request that ClamAV completely stop detecting such stuff, I
> just request that I have the option of disabling it.
To
BitFuzzy [EMAIL PROTECTED] wrote:
> So blocking [social engineering attacks] can only be seen as a good
> thing.
I disagree, and I already explained why.
I don't even request that ClamAV completely stop detecting such stuff, I
just request that I have the option of disabling it.
On Sun, 14 Nov 2004 13:58:53 +0100
"Julian Mehnle" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> since ClamAV reached v0.80, I am using it to scan and reject e-mail
> messages. Today I noticed that ClamAV also detects phishing attacks.
> Phishing is pure social engineering and poses no threat whatsoe
Julian Mehnle wrote:
> How can I configure ClamAV not to try to detect phishing and other
> social engineering attacks?
Why? Your prerogative, obviously, but I am just curious.
Matt
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Hi all,
since ClamAV reached v0.80, I am using it to scan and reject e-mail
messages. Today I noticed that ClamAV also detects phishing attacks.
Phishing is pure social engineering and poses no threat whatsoever in a
technical sense.
How can I configure ClamAV not to try to detect phishing and o
57 matches
Mail list logo