On Wed, 30 Dec 2009 10:49:43 -0700
"Nathanael D. Noblet" <[email protected]> wrote:

> On 12/30/2009 10:11 AM, Carlo Rodrigues wrote:
> >
> >>>   >>  I'm using dspam and I'm very happy with it, except for this new wave of
> >>>   >>  mp3 / gif viagra spam.
> >>>   >>
> >>>   >>  The mp3 spam emails had only the attachment, no subject and no body text.
> >>>   >>  The gif spam emails that I'm seeing now have random pieces of English
> >>>   >>  text (from books?) on the subject and body, and the attachment.
> >>>   >>
> >>>   >>  dspam is proving very ineffective stopping these spams. Especially the
> >>>   >>  gif ones.
> >>>   >>
> >>>   >>  How are you all fighting and stopping these spams?
> >>>   >>
> >>>   >One way would be to use ClamAV to stop them. Do you use ClamAV?
> >>>
> >>> Yes I do. But ClamAV doesn't recognize these emails as viruses.
> >>>
> >>>
> >> You should consider adding additional signatures to ClamAV. Read more here 
> >> about some of them:
> >> http://www.oitc.com/winnow/clamsigs/index.html
> >> http://www.msrbl.com/
> >> http://www.securiteinfo.com/services/clamav_unofficial_malwares_signatures.shtml
> >> http://malwarepatrol.com.br/
> >>
> >> There is even a nice script helping you to download and deploy them 
> >> automatically:
> >> http://www.sanesecurity.co.uk/databases.htm
> >>
> >>
> 
> Very nice... I'll have to add these.
> 
> I have to say, the *best* list I've ever used has been the RBL from
> Barracuda Networks. It's free and we drop from 60-85% of our mail at that
> stage now. From that I have clamav and dspam. Once I have clamav 
> stopping these gif mails, I will hardly expect to see falsely classified 
> spam anymore... I would *seriously* consider using the barracuda system. 
> You have to register (http://www.barracudacentral.org/) to use it but we 
> have 4 other blacklists configured and barracuda seems to stop more than 
> any other list...
> 
> 
> b.barracudacentral.org
> 
I do use the Barracuda RBL as well but please, please, please, please don't
just blindly use any RBL without looking at it before implementing it.

Al Iverson has been evaluating some of the commonly used RBL lists for years,
and I would suggest you read his notes and his stats about his findings
-> http://stats.dnsbl.com/

He is the only one I know who tests not only the blocking rate but also the
false blocking rate. And he has been doing that for 2 or 3 years.

What I can say is: NO RBL IS PERFECT!

So please don't just use an RBL someone else is suggesting, since RBLs can have
different efficiency depending on your mail content, mail language, your
geographical location, etc. I would strongly suggest you use some kind of
weighted system to mitigate the false positive rate. Combined with:
- the possibility to maintain your own whitelist
- the possibility to maintain your own blocklist
- the possibility to maintain your own blacklist
- the possibility to use a DNSBL
- the possibility to use a RHSBL
- the possibility to use a URI DNSBL
- the possibility to use DNSWL
- the possibility to use other reputation systems (aka: www.trustedsource.org, www.senderbase.org, www.cloudmark.com, etc)
- the possibility to use other metrics (aka: GeoIP, ASN, Netblock, sender OS, etc)
- the possibility to use weighted scoring
- etc...


-- 
Kind Regards from Switzerland,

Stevan Bajić

_______________________________________________
Dspam-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspam-user
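
The weighted approach suggested in the reply above, as an added example that is not code from the thread or from dspam: each DNSBL hit adds a weight, a DNSWL hit subtracts one, local lists override both, and only the sum decides. The `example.*` zones, the weights, the threshold and the function names are assumptions made for illustration; the DNS lookup is injected so the policy runs offline against constructed answers.

```python
import ipaddress

# Constructed policy: zones under example.* are placeholders, and all
# weights and the threshold are illustrative, not recommendations.
DNSBL_WEIGHTS = {"b.barracudacentral.org": 3.0, "dnsbl.example.net": 2.0}
DNSWL_WEIGHTS = {"dnswl.example.com": -4.0}
REJECT_THRESHOLD = 4.0


def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def score(ip, is_listed, local_whitelist=(), local_blacklist=()):
    """Return (score, hits, verdict); is_listed(name) is the DNS lookup,
    injected so the policy can be exercised offline."""
    if ip in local_whitelist:
        return 0.0, ["local-whitelist"], "accept"
    if ip in local_blacklist:
        return REJECT_THRESHOLD, ["local-blacklist"], "reject"
    total, hits = 0.0, []
    for zone, weight in {**DNSBL_WEIGHTS, **DNSWL_WEIGHTS}.items():
        try:
            listed = is_listed(query_name(ip, zone))
        except OSError:  # resolver failure: treat as not listed
            listed = False
        if listed:
            total += weight
            hits.append(zone)
    verdict = "reject" if total >= REJECT_THRESHOLD else "accept"
    return total, hits, verdict


# Constructed DNS answers for TEST-NET addresses; no real lookups are made.
FAKE_DNS = {
    "10.2.0.192.b.barracudacentral.org",  # one blacklist only
    "20.2.0.192.b.barracudacentral.org",  # two blacklists
    "20.2.0.192.dnsbl.example.net",
    "30.2.0.192.b.barracudacentral.org",  # two blacklists + whitelist
    "30.2.0.192.dnsbl.example.net",
    "30.2.0.192.dnswl.example.com",
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, score(ip, FAKE_DNS.__contains__))
```

With these constructed weights a hit on a single list stays below the threshold, two blacklist hits reject, and a whitelist entry pulls a doubly listed sender back under it.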
