Julian Mehnle wrote: > > For three reasons: > > 1. I consider filtering technically harmful messages for my users > acceptable, but I think filtering social engineering to be > censorship. I would rather educate my users.
You really must be a patient and virtuous person, if you can succeed on the education part :) > 2. While recognizing technical engineering (viruses, worms, other > malware) automatically has proven to be feasible, I _generally_ do > not believe in recognizing social engineering (scams, phishing, > etc.) automatically. Technical state of the art is far from doing > that reliably. Without machines being able to understand the > meaning of text, any heuristics can only be a crook. I am using > reputation systems (AKA DNS blacklists) instead. To a large degree, that is true. However, the blacklists are dependant upon the sender/client being in them. It is six of one, and half a dozen of the other. > 3. I am using the SpamCop reporting tool[1] to file complaints to ISPs > about spam (which specifically includes phishing attacks) that I > receive. SpamCop requires spam samples to be manually checked for > spamminess before being reported. Thus I _do_ want to receive > social engineering messages and classify them manually in order to > report them to SpamCop. Again, good point. However, one could also argue that it should be the filtering programme which is configurable upon the output from various softwares. I myself, prefer the software as is, and to then work around any specific requirements in my filtering script. But, as I said, this is just my personal preference. I think this will probably end up being one of those discussions with equal amounts on both sides of the camp :) The problem with adding more configurable options are that a lot of people, as some of the questions on the M.L show, leave the default config as is, and don't realise for a while that the software isn't performing some function as they expected. It is one of those vicious circles. Matt _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
