Hi there,

On Mon, 20 Aug 2012, Mark A. Olbert wrote:

> ... now there's a lot more stuff to review before reporting. ...

Your statistics seem a bit grim to me. It certainly sounds like a lot of work which might not be necessary.

On a typical business day we see something between five and ten thousand attempts to send unwanted mail, of which at most perhaps one or two per day will be accepted. There will be between fifty and one hundred genuine messages. On a good day, all of those will be accepted. :)

The vast majority of unwanted mail will be weeded out by relatively lightweight processes. ClamAV is likely to reject only five or ten messages per month. The vast majority of those will be detected via third-party databases, in particular at the moment INetMsg.SpamDomain is running at about 50% and Sansecurity about 20% of detections. We have had a grand total of one virus infected message accepted so far this year. As we run no Windows machines it was not a real issue for us but it felt like a personal defeat.

Contrary to popular belief you can read an entire message (and, of course, store it for later analysis) without accepting it. Reading the entire message before rejecting it gives away less about the defences than, say, rejecting on a suspicious subject line.

It isn't clear to me whether you are accepting or rejecting unwanted mail. My advice is to reject all unwanted mail. If you accept it, the scrotes will just send more of the stuff.

-- 
73,
Ged.
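
The point above about reading a whole message without accepting it, as an added example that is not part of the original message: in SMTP the receiver's verdict is the reply it sends after the end-of-data line, so the body can be read, scanned and stored before a 550 goes back. The `looks_unwanted` check, the host name and the sample session are constructed assumptions.

```python
# Added example: SMTP receiver logic without networking. The accept/reject
# decision is the reply sent AFTER the lone "." that ends DATA.

def looks_unwanted(message):
    """Hypothetical stand-in for the real checks (ClamAV, third-party lists)."""
    return "X-Constructed-Test: unwanted" in message

def run_session(client_lines, scanner=looks_unwanted):
    """Feed client lines to the receiver; return (replies, quarantined)."""
    replies = ["220 mx.example.test ESMTP"]
    quarantined = []              # refused messages kept for later analysis
    in_data, body = False, []
    for line in client_lines:
        if in_data:
            if line == ".":       # end of DATA: the verdict is given here
                in_data = False
                message = "\r\n".join(body)
                body = []
                if scanner(message):
                    quarantined.append(message)   # stored, but not accepted
                    replies.append("550 5.7.1 Message refused")
                else:
                    replies.append("250 2.0.0 OK: queued")
            else:
                # Undo dot-stuffing (RFC 5321, section 4.5.2)
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.example.test")
        elif verb in ("MAIL", "RCPT"):
            replies.append("250 OK")
        elif verb == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
            break
        else:
            replies.append("500 5.5.2 Command not recognised")
    return replies, quarantined

# Constructed sample session: the whole body is read before the refusal.
SAMPLE = ["EHLO client.example.test", "MAIL FROM:<a@example.test>",
          "RCPT TO:<b@example.test>", "DATA", "Subject: hello",
          "X-Constructed-Test: unwanted", "", "body text", ".", "QUIT"]

if __name__ == "__main__":
    for reply in run_session(SAMPLE)[0]:
        print(reply)
```

From the sender's side the refusal is a permanent failure for the message as a whole, whichever part of it triggered the check.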