From: Robert Menschel [mailto:[EMAIL PROTECTED] > > UfSML> SARE_FRAUD was suggested but would this be a duplication when > UfSML> we are running clamd virus scanner on all the mail? > > I don't think so. The fraud rules file is aimed at phishing emails. > If clamd catches your phishing emails, then yes, it'd be a > duplication. If clamd doesn't do too good a job on phish, then the > fraud rules would be worth having.
ClamAV has a few rules for phishing emails, but SARE_FRAUD should catch some of the ones that slip through. If you're not sure, try it for a while and monitor your logs to see how many messages it hits. Bowie
