David wrote:
> The idea is that there are additional clamd definitions one can use to
> scan for spam such as the MSRBL definitions
> ( http://www.msrbl.com/site/ ) and the SaneSecurity definitions
> ( http://www.sanesecurity.co.uk/clamav/ ) that have been discussed here
> earlier.
>
> These definitions allow one to use clamd to scan for spam in a
> definitions-based manner. They pick up spam (pharm, oem, etc), scams
> (lotto, 419, phishing, job offer, loan, mortgage), image spam, pdf spam,
> and various others. They are highly effective and carry very little risk
> of false-positives due to the strict definition-based nature of the
> detection.
>
> Here are a few log snippets to show what I mean:
> <snip>
>
> And regular viruses look like this
>
> Jul-25-07 03:39:47 ... Trojan.Downloader-11827
>
> I'm actually having a really hard time finding actual viruses in my
> logs. Looking through my logs, I find that the spam caught by clamd far
> far outweighs the real viruses caught by clamd. Numbers like 1000:1 come
> to mind.

My experience as well. Most viruses never get past delaying. I've had maybe 3 virus hits on my Exchange server since I started using ASSP (over a year).

> The use of virus scoring with regexes would allow one to score the
> email/html "viruses" differently from the
> trojan/worm/flooder/backdoor/etc real viruses. Perhaps even coming to
> the point of scoring "Email.Img" differently from "Html.Phishing". It's
> all the same to me, though. I'm fine with a virus hit being blocked
> outright because the definitions are rather fool-proof and so far have
> not resulted in any false positives for me.

Interesting.

> I hope that covered everything.
>

I find it amusing that this message was flagged as spam by ThunderBird. :)

Kevin

_______________________________________________
Assp-user mailing list
https://lists.sourceforge.net/lists/listinfo/assp-user
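
The regex-based scoring discussed in the thread, sketched as an added example that is not part of the original messages and is not ASSP's code. The scores, the `BLOCK` threshold and the function names are assumptions; the reply lines follow clamd's `stream: <name> FOUND` / `stream: OK` form, and names that no rule covers are scored as a full block.

```python
import re

BLOCK = 100  # assumed score at which the message is rejected outright

# First match wins, so specific prefixes come before the catch-all families.
# Scores are illustrative assumptions; the name prefixes and families are
# the ones mentioned in the thread.
RULES = [
    (re.compile(r"^Email\.Img\b", re.I), 40),
    (re.compile(r"^Html\.Phishing\b", re.I), 70),
    (re.compile(r"^(Email|Html)\.", re.I), 50),
    (re.compile(r"^(Trojan|Worm|Flooder|Backdoor)\b", re.I), BLOCK),
]

# clamd answers "<source>: <signature> FOUND" or "<source>: OK".
REPLY = re.compile(r"^.+: (?:(?P<name>\S+) FOUND|(?P<ok>OK))$")


def score_signature(name):
    """Score one signature name; names no rule covers fail closed."""
    for pattern, score in RULES:
        if pattern.search(name):
            return score
    return BLOCK


def score_reply(line):
    """Score a single clamd reply line."""
    m = REPLY.match(line.strip())
    if m is None:
        # ERROR replies or unexpected text must not be read as "clean".
        raise ValueError("unrecognised clamd reply: %r" % line)
    return 0 if m.group("ok") else score_signature(m.group("name"))


# Constructed replies; only Trojan.Downloader-11827 appears in the thread.
SAMPLES = [
    "stream: Trojan.Downloader-11827 FOUND",
    "stream: Email.Img.Constructed-1 FOUND",
    "stream: Html.Phishing.Constructed-2 FOUND",
    "stream: OK",
]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(reply, "->", score_reply(reply))
```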
