forgot the list sorry, you can very easily tell what should or should not be flagged for review with the most granular rules, anything with virus attachments should NEVER get to the user, period, ever. Id rather have 100 false positives for viruses than my network get turned into a zombie because I threw my users to the wolves.
Also as best practices state, you never discard messages because you flagged them as spam unless you have a valid high confidence threat on them such as a well known virus, you flag them and let the user determine what to do with said flagged mail, but virus spam should always be dealt with much sooner than on the users machine. If a payload has reached the user you are already too late to deal with it. On Wed, Apr 30, 2014 at 9:04 PM, Barbier, Jason <[email protected]>wrote: > you can very easily tell what should or should not be flagged for review > with the most granular rules, anything with virus attachments should NEVER > get to the user, period, ever. Id rather have 100 false positives for > viruses than my network get turned into a zombie because I threw my users > to the wolves. > > Also as best practices state, you never discard messages because you > flagged them as spam unless you have a valid high confidence threat on them > such as a well known virus, you flag them and let the user determine what > to do with said flagged mail, but virus spam should always be dealt with > much sooner than on the users machine. If a payload has reached the user > you are already too late to deal with it. > -- Jason Barbier | [email protected] Pro Patria Vigilans
