clamd usually catches between 100-160 klez infections per day on e-mail to our domain. The day the Exploit.IFrame and Exploit.IFrame.HTML rules were added, only 64 were caught (our rules update at 11am, and 11pm EST). Today, only 26 klez were caught.
I highly doubt all those klez infections magically got cleaned up at the same time that these new rules were added. However, Exploit.IFrame.HTML cause 86 violations today, and if those were actually klez, then all the klez crap is likely still getting caught. I'm just hoping to verify with someone that knows the Exploit.IFrame.HTML rule and klez that this is the case (klez still being caught, just identified differently). And if that is the case, then I'm wondering if there's a way to get the klez rule to match first so that these appear to be identified more accurately/appropriately. Thanks in advance, -- Josh I. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
