On Sunday, July 31, 2005, 3:52:53 AM, Herb Martin wrote:
Presumably -- now you have me interested so I am going to check -- ClamAV does more than a naive pattern match on the URI and apparently they even have (had) endless debates in the ClamAV newsgroups/lists on this subject.
Sure, and any additional pattern matching is probably useful for detecting phishes, but every phish I've seen has tried to direct someone to a fake web site. Web sites mentioned in spams, including phishing spams, are *precisely* what SURBLs are designed to detect.
SURBLs are not designed to detect viruses at all, just web sites. Phishes don't usually have viruses, but they do have web sites. Draw your own conclusions.... :-)
And by the way: I REALLY appreciate your SURBL lists and hard work
On behalf of the many people helping out with the SURBL project in various ways, thanks for your kind words.
Jeff C.