Dennis Peterson wrote:
James E. Pratt wrote:


I can confirm too that Trojan.Downloader.JS.Agent-2 (and 1) hit a
load of legitimate sites.

Hello. I ran into this "Trojan.Downloader.JS.Agent-2" issue yesterday
on our web server. When notified, the webmaster replied with "these are
coming from compressed js files using Dean Edwards' javascript "packer"
[http://dean.edwards.name/packer/], which compresses js and usually
reduces the file size by 30-40 percent."

If the principal users of this service are spammers trying to obfuscate their content then I see no reason not to use a tool to block that content. A lesson that has been hard to teach is that when legitimate users create content that is indistinguishable from common spam it will be blocked. That takes into consideration the source - sales and marketing types in any corporation have a particular problem as almost all of what they create could be considered spam by someone. Best effort rules apply. I've never had a manager reverse me on this.

Sorry, but that's completely beside the point.

a) We are not talking about spam filtering here, but about classification
as malware.

b) Applying spam blocking rules to web content is quite inappropriate, as
websites are actively requested, as opposed to spam which is forced on
the recipient through her mailbox slot.

c) Whether "the principal users" of Dean Edwards' JavaScript packer are
spammers is open to debate, although IMHO it doesn't even matter in the
light of a) and b).

Generally speaking, I am quite wary of the increasing tendency of ClamAV
to try and detect spam in addition to malware. These two categories need
to be treated quite differently for many reasons, among them legal ones.
Mixing them up like this makes my life and work more difficult. Please
don't do it.

Thanks,
T.

--
Tilman Schmidt
Phoenix Software GmbH                               Tel. +49 228 97199 0
Adolf-Hombitzer-Str. 12                            Fax  +49 228 97199 99
53227 Bonn, Germany                               www.phoenixsoftware.de



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
