> BitFuzzy [EMAIL PROTECTED] wrote: > > So blocking [social engineering attacks] can only be seen as a good > > thing. > > I disagree, and I already explained why. > > I don't even request that ClamAV completely stop detecting such stuff, I > just request that I have the option of disabling it.
To change the subject a little, I've long thought that the sort of sliding-window byte matching that I presume clamav does to recognise sigs, and which works equally well in spam filters, ought to be done just once, so my preference for a long-term direction (in general, not specifically this project) would be for the anti-virus and the spamfilter to be implemented by a single scanning operation, for efficiency. For some time now I have been feeding every virus I detect with clamav into spamprobe as training data and I believe (without hard figures yet to back it up, as there's no way of checking) that I'm getting early protection from new viruses from the spam filter. Anyway, I do sympathise with the posters request to make it an option, but I also want to encourage you to continue to pursue this line of development, perhaps even all the way to a spam filter. (For a short monograph on using sliding-window arbitrary text matching in spam filters, as opposed to the current style most of them have which is tokenising, I have a blog entry here: http://www.gtoal.com/mt/archives/000010.html - there's some code kicking around somewhere too; mail me if you want to see it.) Graham _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
