Len Conrad wrote: >>> How can I put >>> Phishing.Heuristics.Email.SpoofedDomain >>> ... in local.ign, if I can't find it in the files unpacked by sigtool? >>> thanks >>> Len >>> >> Phishing heuristics sigs are not "real" signatures, so your choices include >> disable the phishing heuristics in clamd.conf (PhishingScanURLs no >> > > Although Barracudas have passed many phishing emails, and I was hoping clamd > in cascade would help, I've had to do "PhishingScanURLs no" in clamd.conf. > Way more FPs than TPs, and a nice variety, too. One day, it stopped all > nytimes.com headlines alerts, and it blocked monthly notices about credit > card balances, which looked legit from the content, and from all the > Received: headers. > > I just caught an FP where one of our DSL users sent to herself, directly to > our submission box running clamd, from the IP she successfully POPs from, a > .gov job site notice. I guess I'll here from her soon. :) > > Len > > > I have a Barracuda in front of a mail server running clamAV. Phishing in clamAV will cause more FPs, IMHO, than it's worth. I do have Phishing turned off. But clamAV does find enough stuff that it's worth running behind the Barracuda.
Plus if something bad happens to the Barracuda, I still have something to scan for viruses on the mail server. Lyle Giese LCR Computer Services, Inc. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
