jef moskot wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Or
On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
Please don't.
On Jan 27, 2005, at 10:25 AM, Damian Menscher wrote:
There was a discussion about this several months ago. Unfortunately,
many people (including part of the signature-generation team) are too
dogmatic about their feelings that phishing is bad, so we should
block it to look at it logically.
Can
Damian Menscher wrote:
Please don't. Phishing attempts do not automatically propagate (by
infecting a machine and being re-sent) and therefore are generally
one-time events. As such, they can be trivially changed to evade any
signature-based filter, which must obviously generate a signature
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav
catching some phishing attempts as opposed to spamassassin catching
them? Whats really the issue here? You just dont believe clamav is the
right tool for that job, but is there REALLY a
On Thu, 2005-01-27 at 09:45 -0600, Sam wrote:
(This is directed more at Trog than anyone...) So if one were to submit
phishing attempts, what do you need? I don't think the virus submission
page will allow one to submit something without an attachment?
Do you need headers?
Do you need
On Jan 27, 2005, at 10:33 AM, Tomasz Kojm wrote:
No problem. As a bonus we will create a signature for your domain name
;-)
Just kidding! Honest! I'd NEVER think of having Windows thought of as
a virus... :-)
___
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams [EMAIL PROTECTED] wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand?
--
oo
On Thu, 27 Jan 2005 17:29:05 +0100
Tomasz Kojm [EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams [EMAIL PROTECTED] wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
On Thu, 27 Jan 2005 17:40:25 +0100
Stefan Hornburg [EMAIL PROTECTED] wrote:
Can you give me a pointer to how Phishing is defined and detected in
the context of ClamAV ?
See http://www.antiphishing.org/
What is Phishing?
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL
Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams [EMAIL PROTECTED] wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand?
On Thu, 27 Jan 2005 10:57:27 -0600 (CST)
Damian Menscher [EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet worms are not viruses as
On Jan 27, 2005, at 11:29 AM, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams [EMAIL PROTECTED] wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that
Damian Menscher wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Ok, so its not a virus, and its not spam. So neither product should
detect it your saying? How about both
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher [EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet worms
Ok, so its not a virus, and its not spam. So neither product should
detect it your saying? How about both products detect it, we have
overlap, and users are happy cause they dont have to deal with this crap
in their inbox.
Personally, I'd love to have it as a config option in clamd.conf.
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav catching
some phishing attempts as opposed to spamassassin catching them? Whats
really the issue here? You just dont believe clamav is the right tool for
that job, but is there REALLY a
Damian Menscher wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav
catching some phishing attempts as opposed to spamassassin catching
them? Whats really the issue here? You just dont believe clamav is
the right tool for that job, but
On Thu, 27 Jan 2005 11:08:12 -0600 (CST)
Damian Menscher [EMAIL PROTECTED] wrote:
...which is why, in my original email, I referred to things that
propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
--
oo. Tomasz Kojm [EMAIL
Sam said:
Also to Damian: I understand what you are saying, but tend to agree more
with Jim. What does it matter who catches it as long as it's caught?
The answer to this is simple: my policy for dealing with spam is quite
different than my policy for dealing with viruses. Spam is annoying,
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher [EMAIL PROTECTED] wrote:
...which is why, in my original email, I referred to things that
propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
I take the somewhat-unusual
On Thu, 27 Jan 2005 11:27:48 -0600 (CST)
Damian Menscher [EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher [EMAIL PROTECTED] wrote:
...which is why, in my original email, I referred to things that
propagate automatically without
Jim Maul wrote:
snip
If my car is broken usually I take it to a mechanic. But if a friend of
mine who happens to be a plumber can fix it also, does it really matter
if I bring it to him instead? No.
-Jim
Ok, I took part in the previous discussion and I accept the developers
decision. But I
You know, this gets old real quick!
Back when this debate first started (around November or so) I never
thought it would stop.
In November I decided to do 2 things 1 log what virus's were being
caught, where they were going, and what virus was detected.
Out of 446 detected viruses, 167 were
From:
http://www.infoworld.com/article/05/01/21/04FEphishing_1.html?source=NLC-WS2005-01-26
Phishers are employing increasingly sophisticated techniques, such as
malicious code buried in images, keystroke-logging applications that
download as soon as an e-mail is opened, and spoofed Web sites
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
We do a lot of on-line commerce. We cannot tolerate many false positives.
Phishing exploits are something we deal with through education first, and
filtering second. As phishers become more sophisticated and numerous false
positives
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
We do a lot of on-line commerce. We cannot tolerate many false positives.
Phishing exploits are something we deal with through education first, and
filtering second. As phishers become more sophisticated
On Thu, 2005-01-27 at 11:14 -0600, Damian Menscher wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav catching
some phishing attempts as opposed to spamassassin catching them? Whats
really the issue here? You just dont believe
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
And how many Phishing false positives have you had exactly?
All of them. ;)
Seriously, that's an unfair question. When you're deleting people's
email, how would they find out if there was a false positive? With
spam, it's
Damian Menscher wrote:
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
We do a lot of on-line commerce. We cannot tolerate many false
positives.
Phishing exploits are something we deal with through education
first, and
filtering second. As phishers
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BitFuzzy
Sent: Thursday, January 27, 2005 9:36 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] Phishing Questions
You know, this gets old real quick!
Back when this debate first started (around November or so) I
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
Seriously, that's an unfair question. When you're deleting people's
email, how would they find out if there was a false positive? With
spam, it's standard practice to review a junk-mail box for false
On Thu, 27 Jan 2005, Jim Maul wrote:
What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
Another is your assertion that my initial assumptions were incorrect
when I suggested that phishing signatures were more likely to create
false positives as a result of being more likely to be matching
plaintext. Which initial
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
Another is your assertion that my initial assumptions were incorrect
when I suggested that phishing signatures were more likely to create
false positives as a result of being more likely to be matching
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
Oh, ok. Apparently we have a different definition of plaintext. I
generally take anything using only the lower 7 bits (ASCII table) to
mean plaintext, and things that use the 8th bit to mean binary.
Regardless of your definition
On Thu, 27 Jan 2005 13:54:22 -0500 (EST) in
[EMAIL PROTECTED] jef moskot
[EMAIL PROTECTED] wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
Electrified owls?
--
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
Oh, ok. Apparently we have a different definition of plaintext. I
generally take anything using only the lower 7 bits (ASCII table) to
mean plaintext, and things that use the 8th bit to mean binary.
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
=20
We do a lot of on-line commerce. We cannot tolerate many false positives.
Phishing exploits are something we deal with through education first, and
filtering second. As phishers become more sophisticated and numerous fals=
e
I don't understand what the fuss is.
clamAV (like all other AVs) produces a report stating what the malware
is. In the case of Phishing, clamAV tags them as *.Phishing.*.
So, change your blocking agents to ignore such matches Don't
be surprised if they don't have the option, but if you
On Fri, 28 Jan 2005, Jason Haar wrote:
clamAV (like all other AVs) produces a report stating what the malware is. In
the case of Phishing, clamAV tags them as *.Phishing.*.
So, change your blocking agents to ignore such matches Don't be
surprised if they don't have the option, but if
On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
Damian Menscher [EMAIL PROTECTED] wrote:
The simplest solution seems to be to write a wrapper around freshclam.
You can patch ClamAV to filter out all *Phishing* sigs in
libclamav/readdb.c. It should be simpler and more reliable solution.
--
oo
On Thu, 27 Jan 2005 21:30:56 +0100 in
[EMAIL PROTECTED] Tomasz Kojm [EMAIL PROTECTED]
wrote:
On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
Damian Menscher [EMAIL PROTECTED] wrote:
The simplest solution seems to be to write a wrapper around
freshclam.
You can patch ClamAV to filter out all
Since ClamAV already has a naming scheme in place (Worm, Phishing, etc),
why not just add a config file option to disable each classification
(with all of them enabled by default)?
Voila! Admins who want to block everything can do so. Admin who only
want to block worms can do so. Admins who
45 matches
Mail list logo