On Wed, 2009-01-14 at 09:59 -0500, Rob McEwen wrote:
> Rasmus Haslund wrote:
> >> After a loud outcry from our users from the increasing level of spam in
> >> their inboxes, I installed the Botnet Plugin.
> >>
> > Is this something that can be used with the SA in Icewarp Merak?
> >
>
> Because Rasmus manages a mail server where B2B mail is routinely
> sent/received _globally_, Rasmus is the king of finding FPs. I could be
> wrong, but judging from previous reports about the Botnet Plugin, I
> predict that Rasmus will either (a) find the Botnet Plugin utterly
> unusable due to FPs, or (b) only be able to score it by a point or two
> due to excessive FPs. (Rasmus--by all means--please don't take my word
> for it--try it out and then let us know what happened!)
I too found botnet to be a great source of FP. By combining it with p0f it's moderately useful. But sanesecurity would be more useful... a pity we can't replicate the incremental updates that the official clamav project uses. I seem to recall that they had problems scaling until they went to that process.

-- 
Dan McDonald, CCIE #2495, CISSP# 78281, CNX
www.austinenergy.com