Chris said: > Can ClamAV be configured (I guess thats the right word) to tag fraud type > messages the same as it does with phishing messages? For instance this: > > Dear Friend, Let me start by introducing myself > properly to you. I am Mr. Michael Smith, I work with the Absa Bank SA > as an account officer in the Treasury/Credit Control Unit. I came to > know you in private search for a reliable and reputable person to > handle this confidential transaction, which involve the transfer of a > huge sum of money into a foriegn account requiring maximum confidence. > > Or are there just too many of them to make generating signatures > worthwhile?
These are more difficult than you might imagine to identify. Especially in a business environment. And they change ever so slightly over time. I probably have rigged up more expressions for these than any other kind of post. And cyrillic (Russian lanuguage) posts are a problem, too, for the same reason. They even get past Bayesian filters. I'd prefer these not be made a signature in ClamAV as the opportunity for false positives is great. dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
