jef moskot wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Or be
Since ClamAV already has a naming scheme in place (Worm, Phishing, etc),
why not just add a config file option to disable each classification
(with all of them enabled by default)?
Voila! Admins who want to block everything can do so. Admin who only
want to block worms can do so. Admins who
On Thu, 27 Jan 2005 21:30:56 +0100 in
[EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
wrote:
> On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
> Damian Menscher <[EMAIL PROTECTED]> wrote:
>
> > The simplest solution seems to be to write a wrapper around
> > freshclam.
>
> You can patch ClamAV to filt
On Thu, 27 Jan 2005 14:29:06 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> The simplest solution seems to be to write a wrapper around freshclam.
You can patch ClamAV to filter out all *Phishing* sigs in
libclamav/readdb.c. It should be simpler and more reliable solution.
--
oo
On Fri, 28 Jan 2005, Jason Haar wrote:
clamAV (like all other AVs) produces a report stating what the malware is. In
the case of Phishing, clamAV tags them as "*.Phishing.*".
So, change your "blocking agents" to ignore such matches Don't be
surprised if they don't have the option, but if
I don't understand what the fuss is.
clamAV (like all other AVs) produces a report stating what the malware
is. In the case of Phishing, clamAV tags them as "*.Phishing.*".
So, change your "blocking agents" to ignore such matches Don't
be surprised if they don't have the option, but if y
> On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
>
> >=20
> > We do a lot of on-line commerce. We cannot tolerate many false positives.
> > Phishing exploits are something we deal with through education first, and
> > filtering second. As phishers become more sophisticated and numerous
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
> Oh, ok. Apparently we have a different definition of plaintext. I
> generally take anything using only the lower 7 bits (ASCII table) to
> mean plaintext, and things that use the 8th bit to mean binary.
On Thu, 27 Jan 2005 13:54:22 -0500 (EST) in
[EMAIL PROTECTED] jef moskot
<[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Jim Maul wrote:
> > What if the plumber and the mechanic work on it together? ;)
>
> What if the electrician goes to night school to learn ornithology?
Electrified owls?
--
On Thu, 2005-01-27 at 13:05 -0600, Damian Menscher wrote:
> Oh, ok. Apparently we have a different definition of plaintext. I
> generally take anything using only the lower 7 bits (ASCII table) to
> mean plaintext, and things that use the 8th bit to mean binary.
> Regardless of your definitio
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
> Another is your assertion that my "initial assumptions" were incorrect
> when I suggested that phishing signatures were more likely to create
> false positives as a result of being more likely to be match
On Thu, 2005-01-27 at 12:45 -0600, Damian Menscher wrote:
> Another is your assertion that my "initial assumptions" were incorrect
> when I suggested that phishing signatures were more likely to create
> false positives as a result of being more likely to be matching
> plaintext. Which initial
On Thu, 27 Jan 2005, Jim Maul wrote:
> What if the plumber and the mechanic work on it together? ;)
What if the electrician goes to night school to learn ornithology?
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
> Seriously, that's an unfair question. When you're deleting people's
> email, how would they find out if there was a false positive? With
> spam, it's standard practice to review a junk-mail box for fals
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BitFuzzy
Sent: Thursday, January 27, 2005 9:36 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] Phishing Questions
You know, this gets old real quick!
Back when this debate first started (around November or so) I
Damian Menscher wrote:
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
> We do a lot of on-line commerce. We cannot tolerate many false
positives.
> Phishing exploits are something we deal with through education
first, and
> filtering second. As phishers
On Thu, 2005-01-27 at 12:32 -0600, Damian Menscher wrote:
> >
> > And how many Phishing false positives have you had exactly?
>
> All of them. ;)
>
> Seriously, that's an unfair question. When you're deleting people's
> email, how would they find out if there was a false positive? With
> s
On Thu, 2005-01-27 at 11:14 -0600, Damian Menscher wrote:
> On Thu, 27 Jan 2005, Jim Maul wrote:
> >
> > Is it causing you (or anyone for that matter) a problem by clamav catching
> > some phishing attempts as opposed to spamassassin catching them? Whats
> > really the issue here? You just dont
On Thu, 27 Jan 2005, Trog wrote:
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
> We do a lot of on-line commerce. We cannot tolerate many false positives.
> Phishing exploits are something we deal with through education first, and
> filtering second. As phishers become more sophisticate
On Thu, 2005-01-27 at 09:25 -0800, Dennis Peterson wrote:
>
> We do a lot of on-line commerce. We cannot tolerate many false positives.
> Phishing exploits are something we deal with through education first, and
> filtering second. As phishers become more sophisticated and numerous false
> positi
From:
http://www.infoworld.com/article/05/01/21/04FEphishing_1.html?source=NLC-WS2005-01-26
Phishers are employing increasingly sophisticated techniques, such as
malicious code buried in images, keystroke-logging applications that
download as soon as an e-mail is opened, and spoofed Web sites tha
You know, this gets old real quick!
Back when this debate first started (around November or so) I never
thought it would stop.
In November I decided to do 2 things 1 log what virus's were being
caught, where they were going, and what virus was detected.
Out of 446 detected viruses, 167 were phish
Jim Maul wrote:
If my car is broken usually I take it to a mechanic. But if a friend of
mine who happens to be a plumber can fix it also, does it really matter
if I bring it to him instead? No.
-Jim
Ok, I took part in the previous discussion and I accept the developers
decision. But I just..
On Thu, 27 Jan 2005 11:27:48 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> > On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> >
> > > ...which is why, in my original email, I referred to things that
> > > propagate automatical
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> ...which is why, in my original email, I referred to things that
> propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
I take the somewhat-unusu
Sam said:
>
> Also to Damian: I understand what you are saying, but tend to agree more
> with Jim. What does it matter who catches it as long as it's caught?
The answer to this is simple: my policy for dealing with spam is quite
different than my policy for dealing with viruses. Spam is annoying,
On Thu, 27 Jan 2005 11:08:12 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> ...which is why, in my original email, I referred to things that
> propagate automatically without intervention from their author.
OK, so what about the trojans? ;-)
--
oo. Tomasz Kojm <[EM
Damian Menscher wrote:
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav
catching some phishing attempts as opposed to spamassassin catching
them? Whats really the issue here? You just dont believe clamav is
the right tool for that job, but
On Thu, 27 Jan 2005, Jim Maul wrote:
Is it causing you (or anyone for that matter) a problem by clamav catching
some phishing attempts as opposed to spamassassin catching them? Whats
really the issue here? You just dont believe clamav is the right tool for
that job, but is there REALLY a probl
> Ok, so its not a virus, and its not spam. So neither product should
> detect it your saying? How about both products detect it, we have
> overlap, and users are happy cause they dont have to deal with this crap
> in their inbox.
Personally, I'd love to have it as a config option in clamd.conf.
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> >
> > Phishing IS NOT spam! Is that really so hard to understand?
>
> Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet
Damian Menscher wrote:
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Ok, so its not a virus, and its not spam. So neither product should
detect it your saying? How about both pro
On Jan 27, 2005, at 11:29 AM, Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that
On Thu, 27 Jan 2005 10:57:27 -0600 (CST)
Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005, Tomasz Kojm wrote:
> >
> > Phishing IS NOT spam! Is that really so hard to understand?
>
> Phishing IS NOT a virus! Is that really so hard to understand?
95% of internet worms are not viru
Tomasz Kojm wrote:
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
Just my two cents - I agree with the other guy. CLAM should blocks
virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand
On Thu, 27 Jan 2005, Tomasz Kojm wrote:
Phishing IS NOT spam! Is that really so hard to understand?
Phishing IS NOT a virus! Is that really so hard to understand?
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61
On Thu, 27 Jan 2005 17:40:25 +0100
Stefan Hornburg <[EMAIL PROTECTED]> wrote:
> Can you give me a pointer to how Phishing is defined and detected in
> the context of ClamAV ?
See http://www.antiphishing.org/
"What is Phishing?
Phishing attacks use 'spoofed' e-mails and fraudulent websites design
On Thu, 27 Jan 2005 17:29:05 +0100
Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Thu, 27 Jan 2005 11:27:00 -0500
> Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
>
> > Just my two cents - I agree with the other guy. CLAM should blocks
> > virii and worms, and leave SPAM to something else. Just th
On Thu, 27 Jan 2005 11:27:00 -0500
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
> Just my two cents - I agree with the other guy. CLAM should blocks
> virii and worms, and leave SPAM to something else. Just think of the
Phishing IS NOT spam! Is that really so hard to understand?
--
oo
> > There was a discussion about this several months ago. Unfortunately,
> > many people (including part of the signature-generation team) are too
> > dogmatic about their feelings that "phishing is bad, so we should block
> > it" to look at it logically.
> Is it causing you (or anyone for that
On Jan 27, 2005, at 10:33 AM, Tomasz Kojm wrote:
No problem. As a bonus we will create a signature for your domain name
;-)
Just kidding! Honest! I'd NEVER think of having Windows thought of as
a virus... :-)
___
http://lists.clamav.net/cgi-bin/mailma
On Thu, 2005-01-27 at 09:45 -0600, Sam wrote:
> (This is directed more at Trog than anyone...) So if one were to submit
> phishing attempts, what do you need? I don't think the virus submission
> page will allow one to submit something without an attachment?
>
> Do you need headers?
>
> Do you
On Thu, 27 Jan 2005, Jim Maul wrote:
> Is it causing you (or anyone for that matter) a problem by clamav
> catching some phishing attempts as opposed to spamassassin catching
> them? Whats really the issue here? You just dont believe clamav is the
> right tool for that job, but is there REALLY
Damian Menscher wrote:
On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
Damian Menscher wrote:
Please don't. Phishing attempts do not automatically propagate (by
infecting a machine and being re-sent) and therefore are generally
one-time events. As such, they can be trivially changed to evade any
signature-based filter, which must obviously generate a signature
_
On Thu, 27 Jan 2005 10:32:55 -0500
Bart Silverstrim <[EMAIL PROTECTED]> wrote:
>
> On Jan 27, 2005, at 10:25 AM, Damian Menscher wrote:
>
> > There was a discussion about this several months ago.
> > Unfortunately, many people (including part of the
> > signature-generation team) are too dogmat
On Jan 27, 2005, at 10:25 AM, Damian Menscher wrote:
There was a discussion about this several months ago. Unfortunately,
many people (including part of the signature-generation team) are too
dogmatic about their feelings that "phishing is bad, so we should
block it" to look at it logically.
Ca
On Thu, 27 Jan 2005, Sam wrote:
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
Please don't. Phishing
Trog: Thanks for the advice on the new releases.
I have yet another question. I have noticed Clam stopping (or at
least to me it appears to be stopping) various phishing attempts. Or am I
wrong?
If this is the case, I will start submitting phishing attemps I see (I
probably get 3 - 4 a day).
49 matches
Mail list logo