Richard Lanard wrote:
I've been thinking about the Sniffer, but i had a few questions: Do i have to have Pro to run it, i.e. external tests?
Any Declude version works with external tests.
and How effective is it against Phishing?
or would it be better to add Mcafee and Clam for this problem?
Very good, though not as good as with standard spam, probably because the phishers are a step above the typical zombie spammer and they use more tricks and clean addresses.
We currently are limited to phrase filtering in Imail for the Phishing part.
If you have custom filtering capabilities, there is a host of opportunities for improvement, or as a supplement to things like Sniffer. One of my more recent tricks to to create a 'combo' filter where one filter checks for the URL or name of a bank that is being used, and another filter checks for a link containing an IP address (IPLINKED). The combination of hits is near perfect, though there are other linking mechanisms that they use. Between the two of these things, phishing is mostly weighted very high on my system.
Take note that the biggest weakness of my system remains the Advance Fee Fraud (Nigerian) stuff. These messages almost always come from legitimate hosts (Web-mail accounts), and the content is so variable that the only possible improvement might be bayesian filtering, which I think only SpamAssassin could provide. I have one customer that is hammered by this stuff for some reason (many each day), and he always lets me know when one gets through. The increase in it's volume makes us look like we're going backwards on the issue :(
Still, if this was about whether or not to choose Sniffer, I think you would be hard pressed to find any single product that came close to their detection rates and accuracy. Paired with Declude, you get the best of both worlds, and you can become damn near perfect.
Matt
Steve Flook wrote:
I would have to agree with Matt. After installing Sniffer about 4 months ago it's already more then paid for itself when you consider the time we spent constantly tweaking our filter files. It's a great add-on.
Steve
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Matt
*Sent:* Tuesday, December 21, 2004 10:06 AM
*To:* [email protected]
*Subject:* Re: [Declude.JunkMail] tools/weights
Buy Sniffer. It is the optimal add-on for Declude (and other systems). It will tag over 95% of your spam with ~99.8% accuracy (depending on your definitions). For the time that you would invest in getting your system even close to what the combination would provide, you will have easily paid for Sniffer. Most of those that participate on this list use it, and it might well provide you with the level of results that you seek without doing anything else. It might be a little difficult to understand from skimming the site, but there is plenty of help available in this group to get you up and running.
Matt
Schmeits, Roger wrote:
http://www.declude.com/Articles.asp?ID=100
There are numerous tools on this page. Are there favorites? Dogs?
Question:
In the manual it talks about assigning weights for blacklists.
Example
Testname fromfile c:\imail\declude\badpeople.txt x 5 0
Would some explain the purpose of the placeholder and the two weights?
Is this a standard format through declude files?
I am the learning mode...
########################## Roger Schmeits Sr. Network Engineer Clarkson College http://www.clarksoncollege.edu (402) 552-2542 ########################## Disclaimer:
The information contained in this e-mail is privileged and confidential and is intended only for the use of the addressee(s) indicated above. Use or disclosure of information e-mailed in error is respectfully prohibited. If you have received this e-mail in error, please contact the sender and immediately delete the original message. Thank you.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
Richard Lanard Information Technology Support University of Georgia Business Outreach Services /SBDC
---
[This E-mail was scanned for viruses by the University of Georgia SBDC Email System.]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
