On Mon, 27 Dec 2010 13:36:39 -0800 Ted Mittelstaedt <t...@ipinc.net> wrote:
[...] > > We do not find virus-scanning before spam-scanning to be > > effective. A tiny percentage of our mail is flagged as containing > > a virus, > That's subject to interpretation I think. I would guess that your > LEGITIMATE mail is ALSO a tiny percentage of your total received > mail. ;-) No, not really. Here are the statistics for 30 days' worth of mail for messages that made it past greylisting: - About 600 000 non-spam messages - About 530 000 spam or suspected-spam messages - About 65 000 messages blocked for various reasons other than content-filtering (on DNSBL, sender blacklisted by end-user, etc.) - 774 viruses as detected by ClamAV As you see, viruses make up a tiny percentage of mail volume. Non-spam makes up about 50% of the post-greylisting volume or about 20% of total volume including greylisting. During that same period, about 2.4 million messages were greylisted, of which just under 50 000 were retried correctly and made it past the greylisting hurdle. Greylisting remains tremendously effective. > The real question is, do you get viruses that would make it past SA? I can't answer that because we scan for viruses before SA. I would guess yes. It would be more efficient to scan for viruses after scanning for spam, even though we still do it the other way around. Regards, David.