[SURBL-Discuss] RE: Adding SpamBouncer phishing data to ph.surbl.org

Catherine Hampton ariel at spambouncer.org
Mon Aug 1 03:52:44 CEST 2005

> >Personally, I don't think an AV program should attempt to detect
> >anything other than a virus or trojan -- actual malicious code.
> >ClamAV's doing so has made it more than a bit of a nuisance for
> >some administrators, who found that complaints about phishes sent
> >to their abuse address were getting filtered by their AV program.

> Most antivirus companies appear to disagree with you for now. At this point
> in time it is a competitive thing. They do it or they will not survive. My
> McAfee saw your example ebay page as a Trojan "js/cardsteeler'.

<nod> That one did have a javascript on it.  I missed that because
I don't check for it; JS doesn't run on the browsers I normally
use unless I explicitly allow it on a particular site.

Most AV companies follow what each other do.  Unfortunately, in this
case -- they're making their products less useful to many of us. :/

> This has been a debate for some time and the antivirus companies have
> decided the debate. Can you look at it with SURBL also? Sure, but I am just
> saying it is a lot of effort to add these disposable IP addresses into any
> database. Who goes back and cleans up these databases 2 years from now when
> maybe a real user gets one? It's your system, I am just giving you my
> prospective, which could of course be wrong or...right. Time will tell.

I'm adding the IPs to SpamBouncer anyway; it isn't any more work to
add them to SURBL.  Since I expire them by default in a month, unless
they still appear, and since Jeff is expiring anything he gets from 
me on the same schedule I do, nobody needs to go back and clean up the
database -- in two years or any other time.  So I don't see any disadvantage
here, especially since a number of decent AVs still aren't listing 
phish URLs as viruses/dangerous content.  

Catherine Hampton <ariel at spambouncer.org>
The SpamBouncer         *     <http://www.spambouncer.org/>
Personal Home Page      *         <http://www.devsite.org/>

More information about the Discuss mailing list