[SURBL-Discuss] RE: Adding SpamBouncer phishing data to
ariel at spambouncer.org
Mon Aug 1 03:52:44 CEST 2005
> >Personally, I don't think an AV program should attempt to detect
> >anything other than a virus or trojan -- actual malicious code.
> >ClamAV's doing so has made it more than a bit of a nuisance for
> >some administrators, who found that complaints about phishes sent
> >to their abuse address were getting filtered by their AV program.
> Most antivirus companies appear to disagree with you for now. At this point
> in time it is a competitive thing. They do it or they will not survive. My
> McAfee saw your example ebay page as a Trojan "js/cardsteeler'.
I don't check for it; JS doesn't run on the browsers I normally
use unless I explicitly allow it on a particular site.
Most AV companies follow what each other do. Unfortunately, in this
case -- they're making their products less useful to many of us. :/
> This has been a debate for some time and the antivirus companies have
> decided the debate. Can you look at it with SURBL also? Sure, but I am just
> saying it is a lot of effort to add these disposable IP addresses into any
> database. Who goes back and cleans up these databases 2 years from now when
> maybe a real user gets one? It's your system, I am just giving you my
> prospective, which could of course be wrong or...right. Time will tell.
I'm adding the IPs to SpamBouncer anyway; it isn't any more work to
add them to SURBL. Since I expire them by default in a month, unless
they still appear, and since Jeff is expiring anything he gets from
me on the same schedule I do, nobody needs to go back and clean up the
database -- in two years or any other time. So I don't see any disadvantage
here, especially since a number of decent AVs still aren't listing
phish URLs as viruses/dangerous content.
Catherine Hampton <ariel at spambouncer.org>
The SpamBouncer * <http://www.spambouncer.org/>
Personal Home Page * <http://www.devsite.org/>
More information about the Discuss