On Sun, 2004-11-14 at 14:57, Julian Mehnle wrote:
> 3. I am using the SpamCop reporting tool[1] to file complaints to ISPs
>    about spam (which specifically includes phishing attacks) that I
>    receive. SpamCop requires spam samples to be manually checked for
>    spamminess before being reported. Thus I _do_ want to receive social
>    engineering messages and classify them manually in order to report
>    them to SpamCop.

I am, unfortunately, familiar with SpamCop (and all the other similar 'tools'). As a listed contact for over 16 million Internet IP addresses I receive notices from such 'tools' all the time, and I've *never* had one that is accurate yet. They are incredibly dumb pieces of software that achieve nothing other than annoying innocent sys admins and giving their misguided users a warm feeling. Please stop using them [1].

The definition of malware has always been a grey area; there are no defined rules as to what an AV product should stop and what it shouldn't. In the case of phishing, it is obviously intended to directly defraud people, or be used as an avenue to install other malware (keyloggers etc.) and as such, is distinctly different from spam, which merely tries to get you to buy something.

The 'technical' and 'social' divide you appear to like to use is a red herring. For example, the last Bagle (or Bofra) outbreak simply sent an email to its target victims, who then have to click on a link to download the Worm. According to your definition, that is a 'social' attack, and should not be blocked.

You have a number of options:

1. Use another product.
2. Unlike a commercial product, with ClamAV you are in the enviable position of being able to use a subset of the signatures by using sigtool to unpack the sig DB files and remove any signatures you don't want.

-trog

[1] Try here for a better header tracer: http://www.3dmail.com/spam/
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
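
The second option in the message above, sketched as an added example that is not part of the original post or of ClamAV itself: once the signature DB has been unpacked with sigtool into its plain-text files, unwanted signatures can be dropped by name. It assumes the text layouts `Name=HexSig` (.db), `Name:Target:Offset:HexSig` (.ndb) and `MD5:Size:Name` (.hdb); the function names, signature names and hex bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter an unpacked ClamAV signature file by signature name.
# Reads the file on stdin and writes every signature whose name does NOT
# match the given awk regex to stdout. Matching is done on the name field
# only, so a pattern can never accidentally match the hex body or a hash.

filter_sigs() {
    ext=$1      # file type of the unpacked file: db, ndb or hdb
    pattern=$2  # awk regex matched against the signature name
    case "$ext" in
        db)  sep='=' field=1 ;;   # Name=HexSig
        ndb) sep=':' field=1 ;;   # Name:Target:Offset:HexSig
        hdb) sep=':' field=3 ;;   # MD5:Size:Name
        *)   # Refuse unknown layouts instead of guessing the name column.
             echo "filter_sigs: unsupported file type: $ext" >&2
             return 2 ;;
    esac
    awk -F"$sep" -v f="$field" -v p="$pattern" '$f !~ p'
}

# Constructed sample in .ndb layout (names and hex bodies are made up).
sample_ndb() {
    cat <<'EOF'
HTML.Phishing.Example-1:3:*:deadbeef0102
Worm.Example.A:0:*:cafebabe0304
HTML.Phishing.Example-2:3:*:0badf00d0506
Trojan.Example.B:1:*:feedface0708
EOF
}

# Drop the phishing signatures, keep everything else.
sample_ndb | filter_sigs ndb '^HTML[.]Phishing[.]'
```

The filtered files then have to be loaded in place of the stock database, and the filtering repeated after each signature update.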
