On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at least to me it appears to be stopping) various phishing attempts. Or am I wrong?
If this is the case, I will start submitting phishing attemps I see (I probably get 3 - 4 a day).
Please don't. Phishing attempts do not automatically propagate (by infecting a machine and being re-sent) and therefore are generally one-time events. As such, they can be trivially changed to evade any signature-based filter, which must obviously generate a signature _after_ the release of each phishing email. As a result, blocking of phishing schemes is best left to anti-spam tools such as SpamAssassin. In contrast, once a virus (or other auto-propagating code) is released, the author no longer has control, so signatures can be developed.
There was a discussion about this several months ago. Unfortunately, many people (including part of the signature-generation team) are too dogmatic about their feelings that "phishing is bad, so we should block it" to look at it logically.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
