Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-24 Thread Kevin A. McGrail
It's a good idea. I'd love to see some statistics about its effectiveness / false positive rate. At the very worst, if it disabled the link, it wouldn't be that bad. Regards, KAm <a href=http://bogus.site.com/.cgi/ebay/cgi>https://secure.ebay.com</a> Got that? If the URL *text* in the

Re: [Mimedefang] for mcafee lovers

2005-03-23 Thread Joseph Brennan
--On Tuesday, March 22, 2005 14:29 -0500 Kevin A. McGrail wrote: Since defang is a single user, you just need 1 license but 5 is the minimum to purchase. I never tried this one with vendors! They accept this? Joseph Brennan Academic Technologies Group, Academic Information

Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-23 Thread James Ebright
The other phishing it does not catch are the ones where the end user's hosts file has been altered to point secure.ebay.com to a different IP. The only reliable way to catch those I have seen is to compare the originating relayed server with a list of known good ones... which is a kludge as this

Re: [Mimedefang] for mcafee lovers

2005-03-23 Thread -ray
On Wed, 23 Mar 2005, Joseph Brennan wrote: Since defang is a single user, you just need 1 license but 5 is the minimum to purchase. I never tried this one with vendors! They accept this? Probably not... They couldn't stay in business by selling you one license to use for say 10,000 users.

Re: [Mimedefang] for mcafee lovers

2005-03-23 Thread Josh Kelley
Joseph Brennan wrote: --On Tuesday, March 22, 2005 14:29 -0500 Kevin A. McGrail wrote: Since defang is a single user, you just need 1 license but 5 is the minimum to purchase. I never tried this one with vendors! They accept this? The consensus seems to be that McAfee at

RE: [Mimedefang] for mcafee lovers

2005-03-23 Thread Cormack, Ken
Joseph Brennan wrote: I didn't think of getting this from an AV product, and it is definitely an interesting reason to run one. Among the other viruses/exploits that were stopped by my gateways (which run CLAMD and other AV engines), my morning statistics showed these numbers, for phishing

Re: [Mimedefang] for mcafee lovers

2005-03-23 Thread Kevin A. McGrail
Since defang is a single user, you just need 1 license but 5 is the minimum to purchase. I never tried this one with vendors! They accept this? Probably not... They couldn't stay in business by selling you one license to use for say 10,000 users. Most likely they want an actual

Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-23 Thread Ian Mitchell
Date: Wed, 23 Mar 2005 10:27:26 -0500 From: James Ebright Subject: Re: Phish detection (was Re: [Mimedefang] for mcafee lovers) I agree... unfortunately most of our clients use windoze and most IE and even with auto updates it seems many still manage to get spyware etc

Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-23 Thread James Ebright
Hehe, you have never dealt with the newer forms of the browser hijacks then, they usually exploit a vulnerability in windows or use social engineering to get on a PC (not much I can do but educate customers on the latter, auto-updates are hopefully taking care of the former as best it can). Once a

Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-23 Thread James Ebright
We are and it is there in two different places if I remember right! As I mentioned before, our TOS allows us to charge a customer cleanup fees if we catch them spamming as well. Anyway, we tell our attorneys what we want to accomplish... they put it down in legalese. ;-) Jim On Wed, 23 Mar 2005

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread Kevin A. McGrail
To clarify, I am not recommending a go with the flow attitude. I am recommending a multi-tiered approach including something customers/bosses/colleagues/whatever recognize so you don't have to listen to them when a virus does get through. I highly recommend using bad extensions and zip

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread David F. Skoll
[EMAIL PROTECTED] wrote: I have heard people ask, how many AV scanners should I run? Some say one - some say as many as you can get. The McAfee exploit leads me to say two I say: You should run zero AV scanners, because you should not be running systems that are susceptible to e-mail viruses.

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread David F. Skoll
Following up on myself... (Well, OK. Some RP employees use Windoze at home, and I suppose they might check their e-mail from home, so Clam probably is more useful than I'm admitting... grumble grumble...) My colleague Dave O'Neill pointed out that Clam has signatures against phishing attacks

RE: [Mimedefang] for mcafee lovers

2005-03-22 Thread Matthew.van.Eerde
Kevin A. McGrail wrote: Finally, while I appreciate the security notice, I think we can all agree that virus scanning is only useful if you are running the latest engine and signatures regardless of the software used. So for the benefit of others using McAfee, the McAfee 4440 engine patched

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread Josh Kelley
Damrose, Mark wrote: I run Clam on MD acting as a relay to an Exchange server running McAfee. Before I upgraded to a version of Clam that would catch phishing e-mails, the McAfee would regularly catch them. There is still an occasional one that McAfee catches that slipped past Clam. I have no

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread Kevin A. McGrail
Do any commercial AV scanners have phishing signatures? If not, that's a very strong argument for Clam. Yes and no. Because Phishing is such a growing concern, EVERYONE is addressing it in some manner. For example, I know there are signatures like Phish-BankFraud.eml.X in McAfee

Phish detection (was Re: [Mimedefang] for mcafee lovers)

2005-03-22 Thread David F. Skoll
Kevin A. McGrail wrote: How can you content differentiate between a real and a phish without something like SURBL? The Mailscanner guy has a fairly effective heuristic that really should be plugged into SpamAssassin. He looks for something like this: a

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread Joseph Brennan
--On Tuesday, March 22, 2005 4:37 PM -0500 David F. Skoll wrote: [EMAIL PROTECTED] wrote: I have heard people ask, how many AV scanners should I run? Some say one - some say as many as you can get. The McAfee exploit leads me to say two I say: You should run zero AV scanners,

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread Roland Pope
- Original Message - From: Joseph Brennan We run no AV scanners, because we reject mail with executable file attachments and zip files. To my knowledge we have accepted absolutely zero email viruses in the two years or so since we implemented this. Mimedefang made this

RE: [Mimedefang] for mcafee lovers

2005-03-22 Thread Chris Gauch
David Skoll wrote: (Well, OK. Some RP employees use Windoze at home, and I suppose they might check their e-mail from home, so Clam probably is more useful than I'm admitting... grumble grumble...) My colleague Dave O'Neill pointed out that Clam has signatures against phishing attacks

Re: [Mimedefang] for mcafee lovers

2005-03-22 Thread David F. Skoll
On Wed, 23 Mar 2005, Roland Pope wrote: You would need to reject HTML email too to prevent HTML exploits I reject almost all HTML e-mail; there are very specific conditions that have to be met for HTML mail to get through my filter. (Unless you are using text only mail readers). I used to