On Saturday, July 30, 2005, 11:47:40 PM, Greg Allen wrote:
It seems like this would be a hard thing to do by IPs. If you were to use Clamav and the Spamassassin hook (see wiki for it), you may get better near real-time phishing protection. That is what I do here any way. I give Clamav a 100 score. That's my 2 cents anyway.
Not exactly sure what you mean by "by IPs". SURBLs list whatever appears in spam message body URI (host portions). For most spams those are domain names, but for many phishes, they're IP addresses (i.e. http://1.2.3.4/). If they have IPs in them, we list the IPs. If they have domain names, we list the domain names.
ClamAV is designed to protect against viruses. While their anti-phishing function works well, phishes and spam are not viruses. They probably felt the need to do something because the phishing threat is pretty serious, or can be if people get tricked by them, but we've had a SURBL phishing list for about a year:
http://www.surbl.org/lists.html#ph
SURBLs are designed to check message body URIs, which is what spammers and phishers are usually trying to direct victims with, therefore our tool is a much better fit for the problem than a virus tool, IMO.
Jeff C.