Re: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005 17:01:48 -0400, Samuel Benzaquen [EMAIL PROTECTED] wrote: I can also say that they don't want to compete against commercial AV vendors as I have read here 2^32 times that we should use not _only_ clamav, but a list of AVs to improve the chances to catch malware. Best practice for security always involves defence in depth. Basing all your protection on a single AV product, given that *none* of them are 100% effective, would be short sighted (and particularly given the current spate of attacks on AV products). Personally, I use clamav as the first line of defence. It's rare for anything to slip through, but it happens (well, twice so far - and in each case by the time I reviewed the situation a signature had already been released). -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, 22 Mar 2005, Rob MacGregor wrote: From: Rob MacGregor [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Tue, 22 Mar 2005 09:58:17 + Subject: Re: [Clamav-users] Report Phishing attacks? Reply-To: ClamAV users ML clamav-users@lists.clamav.net On Mon, 21 Mar 2005 17:01:48 -0400, Samuel Benzaquen [EMAIL PROTECTED] wrote: I can also say that they don't want to compete against commercial AV vendors as I have read here 2^32 times that we should use not _only_ clamav, but a list of AVs to improve the chances to catch malware. Best practice for security always involves defence in depth. Basing all your protection on a single AV product, given that *none* of them are 100% effective, would be short sighted (and particularly given the current spate of attacks on AV products). I believe this is what the commercial anti-virus company, MessageLabs, does. When I spoke to them a few years ago, they had licenses for five anti-virus products. Messages were fed through the three they considered the best. Personally, I use clamav as the first line of defence. It's rare for anything to slip through, but it happens (well, twice so far - and in each case by the time I reviewed the situation a signature had already been released). We've a site licence for Sophos so I've been using this on our mail servers for some time. I've just started using ClamAV in addition to Sophos and I'm very favourably impressed. Statistics for the viruses detected for the past week, 15th March to 21st March, are appended below. The table shows a significant number of phishing attempts being rejected. ClamAV also seems to be picking up everything that Sophos detects. I'll have to start quarantining suspect material that's only detected by one virus scanner. For example: Virus Count - - Worm.Lovgate.Z ClamAV 29 Worm.Mydoom.M ClamAV 21 Worm.Lovgate.X ClamAV 2 Worm.Mytob.C-2 ClamAV 2 Worm.SomeFool.N ClamAV 2 Worm.SomeFool.Gen-1 ClamAV 1 Worm.SomeFool.P ClamAV 1 where stuff is only being detected by ClamAV would warrant closer inspection. Viruses detected between 15th March 2005 and 21st March 2005 Virus Count - - W32/Netsky-P ClamAV/Sophos 640 W32/Netsky-D ClamAV/Sophos 485 W32/MyDoom-O ClamAV/Sophos 150 HTML.Phishing.Bank-1 ClamAV 126 W32/Lovgate-V ClamAV/Sophos 47 W32/Bagle-BK ClamAV/Sophos40 W32/MyDoom-N ClamAV/Sophos37 W32/Bagle-Zip ClamAV/Sophos 30 W32/Netsky-Q ClamAV/Sophos30 Worm.Lovgate.Z ClamAV 29 HTML.Phishing.Bank-107 ClamAV 27 W32/Bagle-AG ClamAV/Sophos26 W32/Netsky-AE ClamAV/Sophos 23 Worm.Mydoom.M ClamAV 21 W32/Gibe-F ClamAV/Sophos 20 HTML.Phishing.Bank-83 ClamAV 17 HTML.Phishing.Postcard-3 ClamAV 16 W32/Lovgate-X ClamAV/Sophos 16 W32/Netsky-X ClamAV/Sophos16 W32/Bagle-AI ClamAV/Sophos15 HTML.Phishing.Bank-60 ClamAV 13 W32/Bagle-N ClamAV/Sophos 13 HTML.Phishing.Pay-14 ClamAV 12 W32/Netsky-AB ClamAV/Sophos 12 W32/Netsky-Y ClamAV/Sophos12 W32/MyDoom-AR ClamAV/Sophos9 HTML.Phishing.Auction-16 ClamAV8 HTML.Phishing.Auction-28 ClamAV8 HTML.Phishing.Bank-52 ClamAV 8 W32/Bagle-AF ClamAV/Sophos 8 W32/Lovgate-AJ ClamAV/Sophos 8 HTML.Phishing.Bank-106 ClamAV 7 HTML.Phishing.Bank-49 ClamAV 7 W32/Netsky-C ClamAV/Sophos 7 W32/NetskyD-Dam ClamAV/Sophos 7 W32/Zafi-D ClamAV/Sophos 7 HTML.Phishing.Bank-131 ClamAV 6 HTML.Phishing.Bank-57 ClamAV 6 HTML.Phishing.Bank-98 ClamAV 6 W32/Netsky-B ClamAV/Sophos 5 W32/Netsky-J ClamAV/Sophos 5 W32/Sober-K ClamAV/Sophos 5 HTML.Phishing.Auction-17 ClamAV4 HTML.Phishing.Auction-19 ClamAV4 HTML.Phishing.Pay-11 ClamAV
Re: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005 at 12:47:54 -0600, Sam wrote: How does one go about getting the text for JS.Scramble to put into the user.db file? Is there a location for strings that have been pulled out? If you mean JS.Spam.Scramble.A, please find it attached. Disclaimer: use it at your own risk. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner JS.Spam.Scramble.A (Clam)=3c736372697074206c616e67756167653d224a617661536372697074223e*203d206e657720417272617928*203d206e657720417272617928*293b*3b0a666f7228*2b2b290a20*202b20537472696e672e66726f6d43686172436f646528*646f63756d656e742e777269746528*3c2f7363726970743e JS.Spam.Scramble.A-mail (Clam)=3c736372697074206c616e67756167653d3344224a617661536372697074223e*3d3344206e657720417272617928*293b*3d3344206e657720417272617928*666f7228*2b2b29*202b20537472696e672e66726f6d43686172436f646528*5d205e*646f63756d656e742e777269746528*3c2f7363726970743e ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mar 21, 2005, at 5:10 PM, Brian Morrison wrote: On Mon, 21 Mar 2005 20:06:02 +0100 in [EMAIL PROTECTED] Julian Mehnle [EMAIL PROTECTED] wrote: Brian Morrison wrote: Julian Mehnle wrote: Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? You don't give up do you? ;-) Not until someone convincingly explains to me why my request for a practical option to distinguish between technical and non-technical threats (i.e. exploitation of technical flaws in software vs. exploitation of end-user naiveté) is inappropriate. I'm not commenting on your correctness, merely on your staying power. For a moment I thought this was spam... ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mar 22, 2005, at 6:35 AM, Dennis Davis wrote: On Tue, 22 Mar 2005, Rob MacGregor wrote: From: Rob MacGregor [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Tue, 22 Mar 2005 09:58:17 + Subject: Re: [Clamav-users] Report Phishing attacks? Reply-To: ClamAV users ML clamav-users@lists.clamav.net On Mon, 21 Mar 2005 17:01:48 -0400, Samuel Benzaquen [EMAIL PROTECTED] wrote: I can also say that they don't want to compete against commercial AV vendors as I have read here 2^32 times that we should use not _only_ clamav, but a list of AVs to improve the chances to catch malware. Best practice for security always involves defence in depth. Basing all your protection on a single AV product, given that *none* of them are 100% effective, would be short sighted (and particularly given the current spate of attacks on AV products). I believe this is what the commercial anti-virus company, MessageLabs, does. When I spoke to them a few years ago, they had licenses for five anti-virus products. Messages were fed through the three they considered the best. You're saying a commercial AV vendor is using competitor's AV products in addition to their own to protect their systems? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mar 22, 2005, at 4:58 AM, Rob MacGregor wrote: On Mon, 21 Mar 2005 17:01:48 -0400, Samuel Benzaquen [EMAIL PROTECTED] wrote: I can also say that they don't want to compete against commercial AV vendors as I have read here 2^32 times that we should use not _only_ clamav, but a list of AVs to improve the chances to catch malware. Best practice for security always involves defence in depth. Basing all your protection on a single AV product, given that *none* of them are 100% effective, would be short sighted (and particularly given the current spate of attacks on AV products). Personally, my gripe is that the product is called ClamAV. If it's expanding it's mission to protect people from everything called malware, I'd change the name to something that indicates it's a malware detector and not a virus detector. Phishing scams are *not* viruses. Maybe change it's name to ClaMal. It'll make the O'Reilly book cover look interesting, too. But this would probably never happen. *shrug* ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, 22 Mar 2005, Bart Silverstrim wrote: From: Bart Silverstrim [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Tue, 22 Mar 2005 07:40:18 -0500 Subject: Re: [Clamav-users] Report Phishing attacks? ... I believe this is what the commercial anti-virus company, MessageLabs, does. When I spoke to them a few years ago, they had licenses for five anti-virus products. Messages were fed through the three they considered the best. You're saying a commercial AV vendor is using competitor's AV products in addition to their own to protect their systems? They aren't, as far as I'm aware, a commercial AV vendor. Instead they offer a managed email service which provides anti-virus and andti-spam facilities. See: http://www.messagelabs.com/ for details. Note that: http://www.messagelabs.com/services/antivirus/detail/default.asp#features includes: Anti-Virus combines Skeptic's predictive technology with multiple commercial scanners to detect and combat against viruses entering and leaving your organization -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK [EMAIL PROTECTED] Phone: +44 1225 386101 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, 22 Mar 2005, Tomasz Papszun wrote: On Mon, 21 Mar 2005 at 12:47:54 -0600, Sam wrote: How does one go about getting the text for JS.Scramble to put into the user.db file? Is there a location for strings that have been pulled out? If you mean JS.Spam.Scramble.A, please find it attached. Disclaimer: use it at your own risk. Thanks Tomas! (I'm a little worried now though with your disclaimer... :) Was it just getting false positives, or did it cause stability issues?) Thanks again Sam ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Bart Silverstrim wrote: Personally, my gripe is that the product is called ClamAV. If it's expanding it's mission to protect people from everything called malware, I'd change the name to something that indicates it's a malware detector and not a virus detector. Phishing scams are *not* viruses. Maybe change it's name to ClaMal. It'll make the O'Reilly book cover look interesting, too. But this would probably never happen. *shrug* ___ http://lurker.clamav.net/list/clamav-users.html I can't believe this is still going on! This got old fast the last time it was discussed. This isn't about detecting messages concerning Viagra, or getting 27,000,000 by helping some yutz in Nigeria. The way I see it, any item regardless of it's delivery method that has the potential to do harm financially or otherwise should be stopped (IMHO) by the AV. These messages are running out of control. They are clever, and when used in conjunction with their associated websites are very hard to identify it from the real thing. ClamAV isn't the only agent that detects Phishing attempts. Mcafee, PcCillin, etc detect these attempts why would anyone expect ClamAV to do less I may be thinking of something else here, but if memory serves the dev team will be providing a method for you (or anyone) not wanting these detected, to disable it. and with that the debate should be ended. BF ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mar 22, 2005, at 8:05 AM, Dennis Davis wrote: On Tue, 22 Mar 2005, Bart Silverstrim wrote: From: Bart Silverstrim [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Tue, 22 Mar 2005 07:40:18 -0500 Subject: Re: [Clamav-users] Report Phishing attacks? ... I believe this is what the commercial anti-virus company, MessageLabs, does. When I spoke to them a few years ago, they had licenses for five anti-virus products. Messages were fed through the three they considered the best. You're saying a commercial AV vendor is using competitor's AV products in addition to their own to protect their systems? They aren't, as far as I'm aware, a commercial AV vendor. Instead they offer a managed email service which provides anti-virus and andti-spam facilities. See: http://www.messagelabs.com/ for details. Note that: http://www.messagelabs.com/services/antivirus/detail/ default.asp#features includes: Anti-Virus combines Skeptic's predictive technology with multiple commercial scanners to detect and combat against viruses entering and leaving your organization Oops! My bad :-) Thanks for the info! ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mar 22, 2005, at 9:43 AM, BitFuzzy wrote: Bart Silverstrim wrote: Personally, my gripe is that the product is called ClamAV. If it's expanding it's mission to protect people from everything called malware, I'd change the name to something that indicates it's a malware detector and not a virus detector. Phishing scams are *not* viruses. Maybe change it's name to ClaMal. It'll make the O'Reilly book cover look interesting, too. But this would probably never happen. *shrug* I can't believe this is still going on! This got old fast the last time it was discussed. This isn't about detecting messages concerning Viagra, or getting 27,000,000 by helping some yutz in Nigeria. The way I see it, any item regardless of it's delivery method that has the potential to do harm financially or otherwise should be stopped (IMHO) by the AV. These messages are running out of control. They are clever, and when used in conjunction with their associated websites are very hard to identify it from the real thing. ClamAV isn't the only agent that detects Phishing attempts. Mcafee, PcCillin, etc detect these attempts why would anyone expect ClamAV to do less I may be thinking of something else here, but if memory serves the dev team will be providing a method for you (or anyone) not wanting these detected, to disable it. and with that the debate should be ended. Please, calm down. I wasn't arguing one thing or the other. I just expressed an opinion. Why should it be that just because you don't like to hear the opinion that anyone who shares it must shut up, when this list is monitored by people who may or may not want feedback from the users? You're implying that I should shut up with my opinion then you go on to express your own. Geez. I wasn't even saying disable it. I had said, consistent with the participation in the past mail list war, that if ClamAV were going to start detecting non-virus attacks and stop things that were aimed at people who should generally know better by now than to fall for scammers and baiters, then it would be better aesthetically if you didn't advertise as an anti-VIRUS and instead as an anti-MALWARE program, as that is what it was migrating it's role to. Saying the neighbors are doing the same thing doesn't help either, since I've griped about that as well. If you're a malware detector, do the search engines a favor and advertise the program as such. It's bad enough that people are sloppy with terminology and concepts go way over users heads without making it worse by contributing to the fuzzy definitions. No debate. Opinion. As I also stated in the past it's ultimately up to the developers. Getting a bug up your butt about it will only give you a stroke or heart attack. I'm not a developer and lack the skill to fork the project and even if I could, I lack the resources to host it...so I use what the developers offer. They do a very good job in the first place. Doesn't mean I don't differ in opinion once in awhile with how things are done, but oh well! ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, 22 Mar 2005 at 8:33:09 -0600, Sam wrote: On Tue, 22 Mar 2005, Tomasz Papszun wrote: If you mean JS.Spam.Scramble.A, please find it attached. Disclaimer: use it at your own risk. Thanks Tomas! (I'm a little worried now though with your disclaimer... :) Was it just getting false positives, or did it cause stability issues?) No stability issues. Also, I don't remember any FPs (when those signatures were in the database, but they weren't very long there). AFAIR, they were removed because of principles. And the disclaimer is because those signatures aren't in the official database and I sent them just because you asked for, not because I'm encouraging anybody to use them. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: I can't believe you still didn't get the point. This is NOT about removing ClamAV's capacity for detecting phishing attacks, little yellow rubber ducks in PNG images, or whatever else. This is about making it _optional_, for those people who don't want certain types of malware to be scanned for. ___ http://lurker.clamav.net/list/clamav-users.html And they're adding it. So why is the issue festering? I understand people want to post their views (as they should). But this topic in particular has and will end up in a never ending loop, that tends to be worse than Linux vs Windows debates. It died out once, and I hope it does so again, quickly ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: I can't believe you still didn't get the point. This is NOT about removing ClamAV's capacity for detecting phishing attacks, little yellow rubber ducks in PNG images, or whatever else. This is about making it _optional_, for those people who don't want certain types of malware to be scanned for. ___ http://lurker.clamav.net/list/clamav-users.html And they're adding it. So why is the issue festering? I understand people want to post their views (as they should). But this topic in particular has and will end up in a never ending loop, that tends to be worse than Linux vs Windows debates. It died out once, and I hope it does so again, quickly ___ http://lurker.clamav.net/list/clamav-users.html I too have strong feelings on this subject, but it was hashed out a while back, and should be let to die here. AMEN ps: I still think that clamav is one of the finest open source projects going and this list is the most level headed ... subject above excepted :) -- Ken Jones ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
At 06:43 AM 3/22/2005, BitFuzzy wrote: Bart Silverstrim wrote: Personally, my gripe is that the product is called ClamAV. If it's expanding it's mission to protect people from everything called malware, I'd change the name to something that indicates it's a malware detector and not a virus detector. Phishing scams are *not* viruses. Maybe change it's name to ClaMal. It'll make the O'Reilly book cover look interesting, too. But this would probably never happen. *shrug* ___ http://lurker.clamav.net/list/clamav-users.html I can't believe this is still going on! This got old fast the last time it was discussed. This isn't about detecting messages concerning Viagra, or getting 27,000,000 by helping some yutz in Nigeria. The way I see it, any item regardless of it's delivery method that has the potential to do harm financially or otherwise should be stopped (IMHO) by the AV. um, reread what you just wrote. 'any item regardless of it's delivery method that has the potential to do harm financially or otherwise'. let's see, little old ladies emailing their bank account information to MRS. MIRIAM SESE SEKO, LATE OF THE CHIEF PETROLEUM RESERVES OFFICE OF NIGERIA, doesn't pose the potential to do harm financially? How about V1c0d1n, a prescription drug, that if you order it from spam, chances are you'll never get it, because who in their right mind would file a complaint that they didn't get a prescription drug they ordered illegally over the net? No risk of financial harm there? what about a spam message for porn, and the poor yutz clicks the link and is sent instead to a kiddie porn site, and later his IP address is swept up by law enforcement and he goes to jail as a pedophile - doesn't fit your criteria? your argument isn't consistent. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
[EMAIL PROTECTED] said: your argument isn't consistent. Paul Theodoropoulos Here we go again. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
At 10:08 AM 3/22/2005, you wrote: [EMAIL PROTECTED] said: your argument isn't consistent. Paul Theodoropoulos Here we go again. Perhaps this is why it keeps coming up. An action based upon a flawed or inconsistent stance tends to do that. Why aren't we blocking Nigeria Scams? people have lots tens of thousands of dollars on that. but whatever. discussing the relevance of this choice will be moot once the choice is offered to the user. so one will be able to choose whether to use clam ANTIVIRUS to detect non-VIRUS phishing scams if they want. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
[EMAIL PROTECTED] wrote: um, reread what you just wrote. 'any item regardless of it's delivery method that has the potential to do harm financially or otherwise'. let's see, little old ladies emailing their bank account information to MRS. MIRIAM SESE SEKO, LATE OF THE CHIEF PETROLEUM RESERVES OFFICE OF NIGERIA, doesn't pose the potential to do harm financially? How about V1c0d1n, a prescription drug, that if you order it from spam, chances are you'll never get it, because who in their right mind would file a complaint that they didn't get a prescription drug they ordered illegally over the net? No risk of financial harm there? what about a spam message for porn, and the poor yutz clicks the link and is sent instead to a kiddie porn site, and later his IP address is swept up by law enforcement and he goes to jail as a pedophile - doesn't fit your criteria? your argument isn't consistent. You're right it isn't consistent, that's because the issue isn't black and white, it's a clammy shade of gray. The difference between what's being detected as phishing attempts is that they are crafted to make you believe you are at http://www.your-bank.com, ebay.com, paypal.com, etc. They are in most cases very convincing, thus not only the foolish can fall prey. (I know very savvy people who fell for these) The other forms, mentioned.do pose the exact same threat, however there is a big difference the victim here was just being gullible. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
BitFuzzy wrote: [EMAIL PROTECTED] wrote: The difference between what's being detected as phishing attempts is that they are crafted to make you believe you are at http://www.your-bank.com, ebay.com, paypal.com, etc. They are in most cases very convincing, thus not only the foolish can fall prey. (I know very savvy people who fell for these) The other forms, mentioned.do pose the exact same threat, however there is a big difference the victim here was just being gullible. In my opinion, the difference between 1) a virus 2) a phish, a Nigerian scam, a spyware, an adware, etc. is that viruses SPREAD - that is, they propagate themselves to others through the infected party. As such, there are policy decisions against viruses that are appropriate in scenarios where such policies would be inappropriate against mere phishes. Therefore - in my opinion - ClamAV should limit itself to detecting (and rejecting) threats of the first kind by default. If an option is added to detect and reject threats of the second kind, that can only be a good thing - so long as it is an option. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
BitFuzzy [EMAIL PROTECTED] wrote: The difference between what's being detected as phishing attempts is that they are crafted to make you believe you are at http://www.your-bank.com, ebay.com, paypal.com, etc. They are in most cases very convincing, thus not only the foolish can fall prey. (I know very savvy people who fell for these) Using heuristics (i.e. malware signatures) to re-actively detect typical _formal_ characteristics of faked messages is bound to result in significant failure rates, either in false positives or in false negatives. The way to combat phishing is to employ sender authentication methods such as SPF, DomainKeys, and public-key message cryptography. Both service providers (banks, eBay, PayPal, etc.) and users need to learn to use the right tools for the job. Neither SpamAssassin nor ClamAV are the right tools. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: The way to combat phishing is to employ sender authentication methods such as SPF, DomainKeys, and public-key message cryptography. This is unfortunately debatable. SPF, DomainKeys, cryptography, SenderID, etc. can only work on info in the message. Nothing stops people from registering a domain like onlinebanking.example and then sending out - perfectly legitimately - from [EMAIL PROTECTED] Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Matthew van Eerde wrote: Julian Mehnle wrote: The way to combat phishing is to employ sender authentication methods such as SPF, DomainKeys, and public-key message cryptography. This is unfortunately debatable. SPF, DomainKeys, cryptography, SenderID, etc. can only work on info in the message. Nothing stops people from registering a domain like onlinebanking.example and then sending out - perfectly legitimately - from [EMAIL PROTECTED] Still the sender is not @citibank.com. Also, Service providers can hand out their PGP or S/MIME public key to their customers (by postal mail or similar) and instruct them to discard any messages that are not signed by that key. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, Mar 22, 2005 at 08:49:40PM +0100, Julian Mehnle wrote: Matthew van Eerde wrote: Julian Mehnle wrote: The way to combat phishing is to employ sender authentication methods such as SPF, DomainKeys, and public-key message cryptography. This is unfortunately debatable. SPF, DomainKeys, cryptography, SenderID, etc. can only work on info in the message. Nothing stops people from registering a domain like onlinebanking.example and then sending out - perfectly legitimately - from [EMAIL PROTECTED] Still the sender is not @citibank.com. But I could form a Committee on Income Tax Inequities and register citi.us. Also, Service providers can hand out their PGP or S/MIME public key to their customers (by postal mail or similar) and instruct them to discard any messages that are not signed by that key. Wow, absolutely brilliant! They can send them in the pre-approved credit card offers! Maybe Congress should pass a law that they have to provide armored pgp public keys in the disclaimers! Oh, and PGP would have to be given to everyone who has a computer! While waiting, breathlessly, for Congress to take up your solution to the phishing problem, I'll continue to delete any mail that remotely smells like spam or malware, using as many tools as I can to search and destroy. You are, of course, free to delete only things that clamav names as ^worm\. If the dev team mis-names a technical exploit, then that's just your tough luck. -- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Tue, 22 Mar 2005 19:55:38 +0100 in [EMAIL PROTECTED] Julian Mehnle [EMAIL PROTECTED] wrote: The way to combat phishing is to employ sender authentication methods such as SPF, DomainKeys, and public-key message cryptography. SPF is not a good way to do this, it does practically nothing to ensure that the source is genuine, merely that it originated from an authorised host. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Daniel J McDonald wrote: Julian Mehnle wrote: Matthew van Eerde wrote: Nothing stops people from registering a domain like onlinebanking.example and then sending out - perfectly legitimately - from [EMAIL PROTECTED] Still the sender is not @citibank.com. But I could form a Committee on Income Tax Inequities and register citi.us. Granted, preventing sender address forgery isn't sufficient for solving the phishing problem. Also, Service providers can hand out their PGP or S/MIME public key to their customers (by postal mail or similar) and instruct them to discard any messages that are not signed by that key. Wow, absolutely brilliant! Not at all. But effective. And absolutely feasible. They can send them in the pre-approved credit card offers! Certificate authorities don't issue certificates (public keys) reading Citigroup, Silver Spring, Maryland, US to unverified strangers. The way the certificate reaches the end-user is largely irrelevant. Oh, and PGP would have to be given to everyone who has a computer! Most widely-used mail clients do at least support S/MIME out of the box. While waiting, breathlessly, for Congress to take up your solution to the phishing problem, I'll continue to delete any mail that remotely smells like spam or malware, using as many tools as I can to search and destroy. And nobody wants to take that option away from you. You are, of course, free to delete only things that clamav names as ^worm\. No, because ClamAV reports at maximum _one_ malware signature match per scanned object. If it reports a match for /\.phishing\./, that doesn't mean the object doesn't also contain some other (real) malware. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Sun, 2005-03-20 at 11:03 -0500, Robert Stampfli wrote: My question: Does the ClamAV team want examples of these phishing emails submitted to them through their http://cgi.clamav.net/sendvirus.cgi interface? You can submit them via the web interface. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Trog wrote: Robert Stampfli wrote: My question: Does the ClamAV team want examples of these phishing emails submitted to them through their http://cgi.clamav.net/sendvirus.cgi interface? You can submit them via the web interface. Can I submit my spam, too? It is bad, so it should be stopped by ClamAV. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
On Mon, 2005-03-21 at 16:06 +0100, Julian Mehnle wrote: Trog wrote: Robert Stampfli wrote: My question: Does the ClamAV team want examples of these phishing emails submitted to them through their http://cgi.clamav.net/sendvirus.cgi interface? You can submit them via the web interface. Can I submit my spam, too? It is bad, so it should be stopped by ClamAV. No. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Trog wrote: Julian Mehnle wrote: Trog wrote: Robert Stampfli wrote: My question: Does the ClamAV team want examples of these phishing emails submitted to them through their http://cgi.clamav.net/sendvirus.cgi interface? You can submit them via the web interface. Can I submit my spam, too? It is bad, so it should be stopped by ClamAV. No. Uh, thanks. This makes real sense, I wonder why I didn't get it before. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005, McDonald, Dan wrote: They don't think spam, even spam with embedded java script to obscure the nature of the spam, is malware. That was the JS.Scramble pattern that was quite effective at killing off lots of spam, but they chose to remove it, and that's their right. Hopefully someone took the signature and submitted it to the spamassassin crew. Is there a way to manually add this signature back in (in a way so that when new signatures are obtained from freshclam it's not over-written)? Probably not, but I thought I'd ask. :) Thanks Sam -- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: Trog wrote: Julian Mehnle wrote: Trog wrote: Robert Stampfli wrote: My question: Does the ClamAV team want examples of these phishing emails submitted to them through their http://cgi.clamav.net/sendvirus.cgi interface? You can submit them via the web interface. Can I submit my spam, too? It is bad, so it should be stopped by ClamAV. No. Uh, thanks. This makes real sense, I wonder why I didn't get it before. There have been long philosophical discussions about the distinction between spam, phishing, and various malware. The developers think phishing is malware, and it's there resources being put into killing them, so let them! They don't think spam, even spam with embedded java script to obscure the nature of the spam, is malware. That was the JS.Scramble pattern that was quite effective at killing off lots of spam, but they chose to remove it, and that's their right. Hopefully someone took the signature and submitted it to the spamassassin crew. I'd rather not endure another one of these long discussions about definitions of malware. Trog and others have graciously agreed to identify phishes, as have other groups (I use the ph surbl list quite effectively for killing off phishes too, but defense in depth, I always say.) Don't look a gift horse in the mouth, unless you are living in Troy. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Sam wrote: On Mon, 21 Mar 2005, McDonald, Dan wrote: They don't think spam, even spam with embedded java script to obscure the nature of the spam, is malware. That was the JS.Scramble pattern that was quite effective at killing off lots of spam, but they chose to remove it, and that's their right. Hopefully someone took the signature and submitted it to the spamassassin crew. Is there a way to manually add this signature back in (in a way so that when new signatures are obtained from freshclam it's not over-written)? Probably not, but I thought I'd ask. :) Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
On Mon, 2005-03-21 at 08:49 -0800, [EMAIL PROTECTED] wrote: Sam wrote: On Mon, 21 Mar 2005, McDonald, Dan wrote: They don't think spam, even spam with embedded java script to obscure the nature of the spam, is malware. That was the JS.Scramble pattern that was quite effective at killing off lots of spam, but they chose to remove it, and that's their right. Hopefully someone took the signature and submitted it to the spamassassin crew. Is there a way to manually add this signature back in (in a way so that when new signatures are obtained from freshclam it's not over-written)? Probably not, but I thought I'd ask. :) Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) The features been there for a long time already. Read the documentation. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Trog wrote: On Mon, 2005-03-21 at 08:49 -0800, [EMAIL PROTECTED] wrote: Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) The features been there for a long time already. Read the documentation. Relevant documentation: http://www.clamav.net/faq.html - #23 Q: I can't wait for you to update the database! I need to use the new signature NOW! A: No problem, save your own signatures in a text file with .db extension. Put it in the same dir where the .cvd files are located. ClamAV will load it after the official .cvd files. You need not to sign the .db file. I presume clamd needs to be HUP'd? Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Matthew van Eerde wrote: Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005 18:07:31 +0100 in [EMAIL PROTECTED] Julian Mehnle [EMAIL PROTECTED] wrote: Matthew van Eerde wrote: Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? You don't give up do you? ;-) -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005, Trog wrote: On Mon, 2005-03-21 at 08:49 -0800, [EMAIL PROTECTED] wrote: Sam wrote: On Mon, 21 Mar 2005, McDonald, Dan wrote: They don't think spam, even spam with embedded java script to obscure the nature of the spam, is malware. That was the JS.Scramble pattern that was quite effective at killing off lots of spam, but they chose to remove it, and that's their right. Hopefully someone took the signature and submitted it to the spamassassin crew. Is there a way to manually add this signature back in (in a way so that when new signatures are obtained from freshclam it's not over-written)? Probably not, but I thought I'd ask. :) Sounds like a feature request to me... can we have a user.cvd file (in addition to main.cvd and daily.cvd) The features been there for a long time already. Read the documentation. How does one go about getting the text for JS.Scramble to put into the user.db file? Is there a location for strings that have been pulled out? -- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: Brian Morrison wrote: Julian Mehnle wrote: Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? You don't give up do you? ;-) Not until someone convincingly explains to me why my request for a practical option to distinguish between technical and non-technical threats (i.e. exploitation of technical flaws in software vs. exploitation of end-user naiveté) is inappropriate. This discussion waged for ages the last time it was brought up. Do me a favour and just read the archives. It was mind numbing back then, and I'm sure it will not be any less so now. Matt ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Matt Fretwell wrote: Julian Mehnle wrote: Brian Morrison wrote: You don't give up do you? ;-) Not until someone convincingly explains to me why my request for a practical option to distinguish between technical and non-technical threats (i.e. exploitation of technical flaws in software vs. exploitation of end-user naiveté) is inappropriate. This discussion waged for ages the last time it was brought up. Do me a favour and just read the archives. It was mind numbing back then, and I'm sure it will not be any less so now. I don't have to read the archives, I was the one who initiated the mid-November monster thread (in a totally reasonable and non-inflammatory way), and I have read all of it. Most of my reasonable points have remained unanswered, though, apart from flames that effectively amount to shut up. For instance: Julian Mehnle wrote: | Matt [EMAIL PROTECTED] wrote: | Getting back to the somewhat original question, if you download the | signatures.pdf from the Clam website, that gives you a general listing | of the different classes of various virii/malware naming conventions. | That should give you an idea of which parts of the database you may | wish to remove. | | Thanks for your constructive reply. | | If you mean section 3.5, unfortunately there is not mention of the | Phishing prefix, so obviously this list is not complete. The fact | that a Joke prefix (for hoaxes) is also listed there makes me worry | how many more supposed malware categories are unconditionally | detected by ClamAV which I would not want to be detected as malware... | | Also please keep in mind that a modular sig db would relieve ClamAV | users from downloading signatures they don't plan using. Having to | remove unwanted sigs yourself requires you to download all existing | sigs. Julian Mehnle wrote: | To those of you who argue that ClamAV should detect phishing attacks | even though tools like SpamAssassin are designed and inherently better | suited for doing that, I'd like to say that you will never really be | able to abandon SpamAssassin Co. anyway. ClamAV will never be able | to replace SpamAssassin without becoming SpamAssassin. | | Bit Fuzzy [EMAIL PROTECTED] wrote: | I can't believe this one subject can create such a mess. | | I absolutely concur. Considering that exactly _no one_ here demanded | that ClamAV abandon its capacity for detecting phishing attacks, little | yellow rubber ducks in PNG images, or whatever else, the uproar is truly | ludicrous. What was actually requested is that there be an _option_ not | to scan for certain classes of malware. No one would be disadvantaged | by that. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005 20:27:46 +0100 Julian Mehnle [EMAIL PROTECTED] wrote: | I absolutely concur. Considering that exactly _no one_ here demanded | that ClamAV abandon its capacity for detecting phishing attacks, little | yellow rubber ducks in PNG images, or whatever else, the uproar is truly | ludicrous. What was actually requested is that there be an _option_ not | to scan for certain classes of malware. No one would be disadvantaged | by that. Such an option will be available in 0.90. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Mar 21 20:32:45 CET 2005 pgpMOczBBXliJ.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Brian Morrison wrote: Julian Mehnle wrote: Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? You don't give up do you? ;-) Not until someone convincingly explains to me why my request for a practical option to distinguish between technical and non-technical threats (i.e. exploitation of technical flaws in software vs. exploitation of end-user naiveté) is inappropriate. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wanted us to know: | To those of you who argue that ClamAV should detect phishing attacks | even though tools like SpamAssassin are designed and inherently better Perhaps marketing speak would better suit you. McAffee detects phishing emails. What better way to give *ALL* AV competitors a big weapon about why you should not use ClamAV than to disable those things that are built-in protection to the big commercial vendors. On the other hand, I do like the idea of seperate db's for seperate functions. It just seems very unixy. But at this point I fully stand behind the direction that the devs are taking clamav. -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.8.1-12mdkenterprise 2 users, load average: 0.02, 0.06, 0.06 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: flames that effectively amount to shut up. Obviously not suggestive enough, though :) Matt ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Tomasz Kojm wrote: Julian Mehnle wrote: | I absolutely concur. Considering that exactly _no one_ here demanded | that ClamAV abandon its capacity for detecting phishing attacks, | little yellow rubber ducks in PNG images, or whatever else, the uproar | is truly ludicrous. What was actually requested is that there be an | _option_ not to scan for certain classes of malware. No one would be | disadvantaged by that. Such an option will be available in 0.90. Well, that is certainly a nice prospect! Thanks a lot for not ignoring my request. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Julian Mehnle said: Tomasz Kojm wrote: Julian Mehnle wrote: | I absolutely concur. Considering that exactly _no one_ here demanded | that ClamAV abandon its capacity for detecting phishing attacks, | little yellow rubber ducks in PNG images, or whatever else, the uproar | is truly ludicrous. What was actually requested is that there be an | _option_ not to scan for certain classes of malware. No one would be | disadvantaged by that. Such an option will be available in 0.90. Well, that is certainly a nice prospect! Thanks a lot for not ignoring my request. That was pretty hard to do. dp ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Dennis Peterson wrote: Julian Mehnle said: Well, that is certainly a nice prospect! Thanks a lot for not ignoring my request. That was pretty hard to do. Yeah, people here keep telling me that, though they're not exactly communicative about why that is. All I've read is _I_ don't need what you are proposing, so shut up or just plain shut up. Little substance, not very helpful, and certainly no reason for me (or anyone!) to stop bringing up the issue. ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
At 12:43 PM 3/21/2005, Julian Mehnle wrote: Dennis Peterson wrote: Julian Mehnle said: Well, that is certainly a nice prospect! Thanks a lot for not ignoring my request. That was pretty hard to do. Yeah, people here keep telling me that, though they're not exactly communicative about why that is. All I've read is _I_ don't need what you are proposing, so shut up or just plain shut up. Little substance, not very helpful, and certainly no reason for me (or anyone!) to stop bringing up the issue. I'll chime in that while I have no objections to clamav doing phishing filtering, i also see providing the choice of whether or not to do it to be reasonable and benign. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: Dennis Peterson wrote: Julian Mehnle said: Well, that is certainly a nice prospect! Thanks a lot for not ignoring my request. That was pretty hard to do. Yeah, people here keep telling me that, though they're not exactly communicative about why that is. All I've read is _I_ don't need what you are proposing, so shut up or just plain shut up. Little substance, not very helpful, and certainly no reason for me (or anyone!) to stop bringing up the issue. Sounds like it was proper fodder for the dev list rather than this noob stumbling in the dark list. dp ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Yeah, people here keep telling me that, though they're not exactly communicative about why that is. All I've read is _I_ don't need what you are proposing, so shut up or just plain shut up. Little substance, not very helpful, and certainly no reason for me (or anyone!) to stop bringing up the issue. I think the problem is simple math: Finite number of devs with finite time. They have to use it in what they think will be more productive for the majority of us. The problem is that if you add another category to what it is supposed to block, they will spend more time making sigs than they are spending now. Which means that they will spend less time coding new and better features. I can also say that they don't want to compete against commercial AV vendors as I have read here 2^32 times that we should use not _only_ clamav, but a list of AVs to improve the chances to catch malware. Just a thought, -Samuel ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Report Phishing attacks?
Samuel Benzaquen wrote: I think the problem is simple math: Finite number of devs with finite time. They have to use it in what they think will be more productive for the majority of us. Hey, I'd accept that for a reason, even though I haven't been the only one who found the feature request valuable. The dev time argument has never really been brought up by anyone in the discussions, though, so I figured this was not the reason why so many people hated the request. The problem is that if you add another category to what it is supposed to block, they will spend more time making sigs than they are spending now. Which means that they will spend less time coding new and better features. (Perhaps you misunderstood the issue. Nobody requested that ClamAV detect another category of malware, but just that certain categories of what is already being detected be configurable not to be detected.) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote: I think the problem is simple math: Finite number of devs with finite time. They have to use it in what they think will be more productive for the majority of us. Hey, I'd accept that for a reason, even though I haven't been the only one who found the feature request valuable. The dev time argument has never really been brought up by anyone in the discussions, though, so I figured this was not the reason why so many people hated the request. The reason it has probably never been mentioned is because most would construe it as being common sense to realise that fact. (Unless of course, the Dev's have found the secret of time manipulation, or have more arms than Shiva). Matt ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
On Mon, 21 Mar 2005 20:06:02 +0100 in [EMAIL PROTECTED] Julian Mehnle [EMAIL PROTECTED] wrote: Brian Morrison wrote: Julian Mehnle wrote: Probably more like: can we have 'technical-threats.cvd' and 'non-technical-threats.cvd' instead of 'main.cvd'? You don't give up do you? ;-) Not until someone convincingly explains to me why my request for a practical option to distinguish between technical and non-technical threats (i.e. exploitation of technical flaws in software vs. exploitation of end-user naiveté) is inappropriate. I'm not commenting on your correctness, merely on your staying power. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Report Phishing attacks?
Some people wrote some stuff: about SPAM or not. Again. Okay, that's it. I'll unsubscribe. Bye! -- Steffen Breitbach Netzbetrieb Aktuelle Neuigkeiten zur Chamaeleon AG finden Sie unter http://www.chamaeleon.de Chamaeleon - Aktiengesellschaft für innovative Netzlösungen Robert-Bosch-Str. 12 / Haus IV D-56410 Montabaur Hotline: +49 26 02 - 10 16 9 - 160 Zentrale: +49 26 02 - 10 16 9 - 0 Fax: +49 26 02 - 10 16 9 - 101 Email: [EMAIL PROTECTED] http://www.chamaeleon.de ___ http://lurker.clamav.net/list/clamav-users.html