[Mimedefang] for mcafee lovers
Kevin A. McGrail
kmcgrail at pccc.com
Tue Mar 22 17:23:10 EST 2005
> Do any commercial AV scanners have phishing signatures? If not, that's
> a very strong argument for Clam.
Yes and no. Because Phishing is such a growing concern, EVERYONE is
addressing it in some manner.
For example, I know there are signatures like Phish-BankFraud.eml.X in
McAfee (http://vil.mcafeesecurity.com/vil/content/v_127728.htm).
I also know that Symantec has been gearing up to add everything under the
sun to their "expanded threat" category.
However, from what I have researched, ClamAV is way beyond what other virus
scanners are doing
But in most cases, URI RBLs like SURBL will be most effective with tagging
Phish'ing if not blocking it because so many of the emails are now copying
"real" emails verbatim. How can you content differentiate between a "real"
and a phish without something like SURBL? Razor/AV/Content stuff just fail
in these instances.
Regards,
KAM
More information about the MIMEDefang
mailing list