Trog wrote:

On Mon, 2004-11-15 at 16:39, Dave Goodrich wrote:

Julian Mehnle wrote:

Am I?  I'm just saying that I think that a distinction between technical
attacks and social engineering attacks is possible and meaningful (even if
not everyone would make use of that distinction).  That has nothing to do
with being hard-nosed, has it?

I hate to butt into a discussion, but I would have to agree. I use SpamAssassin and ClamAV, I don't need or want them doing the same job. I've seen this same discussion on the SpamAssassin list where users wanted rules to stop Viruses with SA, and the general response was "No, SA is a spam filter, get ClamAV if you want to stop Viruses".


Please give a full definition of Spam and Malware/Viruses that do not
intersect, and will never intersect for all future Spam and Malware such
that we can be sure we know what you are requesting.
<rant>
I cannot protect my users from spam or viruses. I do not think any sysadmin can realistically protect the user. I am only interested in protecting my own network. After three years of dealing with spam and viruses I truly believe that the average user would climb a ladder, swing on a rope, drop from a helicopter, all to touch the stovetop and see if it was hot.
</rant>


I believe a virus is a file capable of performing a task not implicitly requested by the user of the destination machine. Whether the user clicks or not is irrelevant, thanks to MS this is taken care of for them.

A spam is any email message not requested or desired by the user of the destination machine.

So my point was this, a Virus is a file, in hand, it is here, I have it, I want to know if I should let the destination machine have it. ClamAV scans a file in its possession against a known signature db. Does it match? YES or NO. ClamAV does this very well.

Spam is an email message, it might not be a message the destination machine wants to receive, it might provide access to a payload, it might not. But I don't have the proposed/suspected/feared payload. Should I let the destination machine have the message or not? SA scans a message for known traits, and finding enough known traits, scores the message as spam (in the _opinion_ of the person who weighted those traits). SpamAssassin does this very well.

I believe that is specific enough. YMMV.


Not one of the Clam developers has proposed adding general spam detection to ClamAV.
I never said the developers were. I only agreed that a distinction between social and technical attacks was meaningful and relevant. My comment on the discussions I have seen on the SA list was simply an example as to the fact that the SA developers see a distinction.

Please don't associate me with a group, I don't choose sides. If we (my company, the user) determine that ClamAV needs to gain/lose a feature, we will either offer to pay the developers to implement it, or implement it ourselves and give the code back. We would not argue with developers.

I believed the thread was a discussion, I joined the discussion and offered an opinion. That is all.

DAve


-- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
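
The two decision models contrasted in the message above, as an added example that is not part of the original post and is not ClamAV or SpamAssassin code: a signature check on a file in hand returns YES or NO, while a trait scorer sums author-assigned weights against a threshold. The signature check is simplified to a hash lookup, and the rule names, weights, threshold and sample data are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: not real ClamAV signatures or SpamAssassin rules.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-malicious-attachment").hexdigest()}

# (name, pattern, weight): the weights are the rule author's opinion.
TRAIT_RULES = [
    ("SUBJ_ALL_CAPS", re.compile(r"^Subject: [^a-z\n]{10,}$", re.M), 1.5),
    ("URGENT_ACTION", re.compile(r"verify your account|act now", re.I), 2.0),
    ("RAW_IP_LINK", re.compile(r"http://\d{1,3}(\.\d{1,3}){3}/"), 2.5),
]
SPAM_THRESHOLD = 5.0  # constructed threshold


def signature_match(file_bytes: bytes) -> bool:
    """Virus-scanner model: file in hand, compared to known signatures. YES or NO."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_SHA256


def trait_score(message: str):
    """Spam-filter model: sum the weights of matched traits, compare to a threshold."""
    hits = [(name, weight) for name, rx, weight in TRAIT_RULES if rx.search(message)]
    score = sum(weight for _, weight in hits)
    return score, [name for name, _ in hits], score >= SPAM_THRESHOLD


# Constructed messages: the first trips three traits, the second only one.
PHISH = ("Subject: ACCOUNT SUSPENDED NOW\n\n"
         "Please verify your account at http://192.0.2.10/login\n")
BORDERLINE = ("Subject: Quarterly report\n\n"
              "Act now to review the numbers before Friday.\n")

if __name__ == "__main__":
    # Exact match only: a one-byte change to the file is no longer a hit.
    print(signature_match(b"constructed-malicious-attachment"))
    print(signature_match(b"constructed-malicious-attachment!"))
    # Same scorer, two verdicts, both dependent on the chosen weights.
    print(trait_score(PHISH))
    print(trait_score(BORDERLINE))
```

Changing a weight or the threshold flips the second model's verdict without any change to the message, which is the "opinion" part of the distinction drawn in the post; the first model's answer depends only on whether the file is in the database.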
