On 12/3/2009 10:32 PM, Dennis Peterson wrote:
> I quoted viruses above because much of what is found is actually
> blacklisted URLs, scams, spam, etc. Very few true viruses show up anymore.

That seems to be true if you're doing DNSBLs that block the dynamic
address ranges. I see a steady trickle of true viruses (well, trojans)
constantly hitting ClamAV. But when you look closely at the host names,
I'd bet that nearly all of them would be blocked by some sort of dynamic
DNSBL.
(We're not currently using a DNSBL at SMTP time.)
It would probably be a lot worse for us, except that we don't accept
hostnames that aren't valid, aren't FQDNs, and don't resolve back to a
DNS A or MX record. Out of all of our SMTP time rejects, the FQDN check
is responsible for over half. There are a lot of bots out there that just
use a 6-10 random letter host identifier that can't get past the FQDN test.
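
An added example, not part of the original message: one way to implement the SMTP-time hostname check described above (valid syntax, FQDN, resolves to an A or MX record), assuming the hostname tested is the one the client presents in HELO/EHLO. The function names, the `lookup` callback, and the sample zone and hostnames are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_helo(name, lookup):
    """Classify a HELO/EHLO hostname; returns (accepted, reason).

    lookup(host, rtype) is a caller-supplied function (an assumption of this
    example) returning a list of records, empty if none exist.
    """
    host = name.strip().rstrip(".").lower()
    labels = host.split(".")
    if not host or len(host) > 253 or not all(LABEL.match(lab) for lab in labels):
        return False, "invalid hostname"
    # FQDN: at least host.domain, and a non-numeric TLD so bare IPs fail.
    if len(labels) < 2 or labels[-1].isdigit():
        return False, "not an FQDN"
    if not (lookup(host, "A") or lookup(host, "MX")):
        return False, "does not resolve"
    return True, "ok"

# Constructed sample zone standing in for real DNS so the example runs offline.
SAMPLE_ZONE = {
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("example.net", "MX"): ["10 mx.example.net."],
}

def sample_lookup(host, rtype):
    return SAMPLE_ZONE.get((host, rtype), [])

def reject_share(helo_names, lookup=sample_lookup):
    """Count rejects per reason, the way one would tally SMTP-time rejects."""
    counts = {}
    for n in helo_names:
        ok, reason = check_helo(n, lookup)
        if not ok:
            counts[reason] = counts.get(reason, 0) + 1
    return counts

# Constructed HELO names, including bot-style random single labels.
SAMPLE_HELOS = ["mail.example.org", "example.net", "qwjzkxpt", "xkvbqmwzrt",
                "bad_host.example.org", "192.0.2.7", "ghost.example.com"]

if __name__ == "__main__":
    for h in SAMPLE_HELOS:
        print(h, check_helo(h, sample_lookup))
    print(reject_share(SAMPLE_HELOS))
```

In a real mail server the `lookup` callback would query DNS; the random single-label names fail at the FQDN step before any DNS query is made.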