Matt [EMAIL PROTECTED] wrote:
> Julian Mehnle wrote:
> > How can I configure ClamAV not to try to detect phishing and other
> > social engineering attacks?
>
> Why? Your prerogative, obviously, but I am just curious.

For three reasons:

1. I consider filtering technically harmful messages for my users
acceptable, but I think filtering social engineering to be censorship.
I would rather educate my users.

2. While recognizing technical engineering (viruses, worms, other
malware) automatically has proven to be feasible, I _generally_ do not
believe in recognizing social engineering (scams, phishing, etc.)
automatically. Technical state of the art is far from doing that
reliably. Without machines being able to understand the meaning of
text, any heuristics can only be a crook. I am using reputation
systems (AKA DNS blacklists) instead.

3. I am using the SpamCop reporting tool[1] to file complaints to ISPs
about spam (which specifically includes phishing attacks) that I
receive. SpamCop requires spam samples to be manually checked for
spamminess before being reported. Thus I _do_ want to receive social
engineering messages and classify them manually in order to report
them to SpamCop.

Tomasz Kojm [EMAIL PROTECTED] wrote:
> Julian Mehnle <[EMAIL PROTECTED]> wrote:
> > How can I configure ClamAV not to try to detect phishing and other
> > social engineering attacks?
>
> Modify your mail scanner to pass "HTML.Phishing.*" through.

Yes, I can do that. Is there an authoritative hierarchy of signature
names from which I can see what hierarchy branches ("HTML.Phishing.*",
etc.) I would have to whitelist?

Besides, there's obviously a fundamental difference between technical
malware and social engineering malware, so there should be a way to
configure what to detect and what not.

References:
1. http://www.spamcop.net/anonsignup.shtml
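
Added example, not part of the original message and not ClamAV's or any mail scanner's own code: one way a mail-scanner wrapper could pass "HTML.Phishing.*" detections through while still blocking every other detection in the same message. It assumes the scanner reports one "<object>: <signature> FOUND" line per detection, as clamscan and clamdscan do; the function names and the sample signature names are constructed for illustration.

```python
import fnmatch
import re

# Signature-name globs to let through. "HTML.Phishing.*" is the pattern named
# in the thread; any further branches are a local policy decision.
PASS_THROUGH = ["HTML.Phishing.*"]

# One detection per line: "<scanned object>: <signature name> FOUND"
_FOUND = re.compile(r"^(?P<obj>.*): (?P<sig>\S+) FOUND$")

# Constructed sample output for a three-part message (names are made up).
SAMPLE_MIXED = """\
/tmp/msg1/part1.html: HTML.Phishing.Bank-1 FOUND
/tmp/msg1/part2.exe: Worm.Example-1 FOUND
/tmp/msg1/part3.txt: OK
"""


def parse_detections(scanner_output):
    """Return the signature names reported as FOUND, in order."""
    sigs = []
    for line in scanner_output.splitlines():
        m = _FOUND.match(line.strip())
        if m:
            sigs.append(m.group("sig"))
    return sigs


def is_passed(sig, patterns=PASS_THROUGH):
    """True if the signature name falls under a pass-through branch."""
    return any(fnmatch.fnmatchcase(sig, p) for p in patterns)


def verdict(scanner_output, patterns=PASS_THROUGH):
    """Return ("block", blocking_sigs) if any detection lies outside the
    pass-through branches, otherwise ("deliver", ignored_sigs)."""
    sigs = parse_detections(scanner_output)
    blocking = [s for s in sigs if not is_passed(s, patterns)]
    if blocking:
        return "block", blocking
    return "deliver", sigs


if __name__ == "__main__":
    print(verdict(SAMPLE_MIXED))
```

The decision is made per message over all reported detections, so a phishing match never masks a worm found in another part; this requires the scanner to report every part rather than stop at the first match.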