On Mon, 2004-11-15 at 12:37, Julian Mehnle wrote: > > For example, the last Bagle (or Bofra) outbreak simply sent an email to > > it's target victims, who then have to click on a link to download the > > Worm. According to your definition, that is a 'social' attack, and > > should not be blocked. > > I agree that there is a gray area, but that doesn't mean the distinction > between technical attacks and social engineering attacks isn't meaningful. > > > You have a number of options: > > > > 1. Use another product. > > 2. Unlike a commercial product, with ClamAV you are in the enviable > > position of being able to use a subset of the signatures by using > > sigtool to unpack the sig DB files and remove any signatures you don't > > want. > > You're trying to kid me, right? I'm not going to be scared away just > because you wish to take a fundamentalist position that ClamAV should > _not_ offer an option to ignore social engineering attacks even though > they are clearly different from technical attacks.
I'm not trying to "scare you away", I really don't care what you do. I've told you how you can easily do what you want, using ClamAV. I also didn't say that ClamAV shouldn't offer an option to ignore "social engineering attacks", I didn't express any opinion on that matter at all, in fact, "fundamentalist" or otherwise. -trog
signature.asc
Description: This is a digitally signed message part
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
