Hi there,

On Sun, 18 Jun 2017, Paul Kosinski wrote:
> On Fri, 16 Jun 2017 17:22:53 +0100 (BST) "G.W. Haywood" wrote:
> > ... We just outright reject all mail from the '.edu' TLD ...
>
> Why do you reject *all* email from ".edu".

Because all connections we see from .edu are either from compromised
accounts sending spam or from irresponsible juveniles who think it's
clever/cool/whatever to try to hack into other people's computers.

> Doesn't that cut you off from lots of useful technological info?

Not in the least. There's a reasonable scientific press, for example.

> (I don't think I *ever* see spam from ".edu".)

That seems strange to me. Generally speaking we have no reason to
correspond with .edu domains, but even so, apart from hack attempts
we never see anything else. Do you actually look for it? I mean,
you know, read the logs? :)

There's an important point here. Well over 90% of the attacks we see
are defeated by preventing connections from the sources of the attacks
simply because they are known sources of attacks. It's not the only
technique we use, but even on its own it's more effective, in terms of
both success rate and processing overhead, than scanning for malicious
characteristics - which of course we do as well, but only after the
bulk of the dross has been dropped using a number of other techniques.
--
73,
Ged.
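
The ordering described in the message above (refuse known-bad sources first, scan content only for what remains), sketched as an added example that is not part of the original post or of ClamAV. The networks, the sample traffic, the marker "signature" and the choice to read the TLD from the envelope sender are all constructed assumptions; the post does not say how its '.edu' rule is implemented.

```python
import ipaddress
from collections import Counter

# Constructed policy data (assumptions, not taken from the original post).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
REJECTED_TLDS = {"edu"}                      # the post's example policy
SIGNATURES = (b"CONSTRUCTED-BAD-MARKER",)    # stand-in for a real scanner such as clamd

def sender_tld(mail_from):
    """Return the lower-cased TLD of an envelope sender, or '' if there is none."""
    domain = mail_from.rpartition("@")[2].strip("<>. ").lower()
    return domain.rpartition(".")[2] if "." in domain else ""

def triage(client_ip, mail_from, body):
    """Cheapest checks first; the body is inspected only if the source checks pass."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BLOCKED_NETS):
        return "reject:source"
    if sender_tld(mail_from) in REJECTED_TLDS:
        return "reject:tld"
    if any(sig in body for sig in SIGNATURES):
        return "reject:content"
    return "accept"

# Constructed sample traffic: (client IP, envelope sender, message body).
SAMPLE = [
    ("192.0.2.10", "a@example.com", b"hello"),
    ("192.0.2.77", "b@example.net", b"CONSTRUCTED-BAD-MARKER"),
    ("203.0.113.5", "student@cs.example.EDU", b"hi"),
    ("203.0.113.6", "<c@example.org>", b"x CONSTRUCTED-BAD-MARKER y"),
    ("203.0.113.7", "d@example.org", b"minutes attached"),
    ("198.51.100.200", "e@example.org", b"ok"),   # outside the blocked /25
]

def summarise(messages):
    """Count verdicts and how many bodies reached the content-scan stage."""
    verdicts = Counter(triage(*m) for m in messages)
    scanned = verdicts["reject:content"] + verdicts["accept"]
    return verdicts, scanned

if __name__ == "__main__":
    verdicts, scanned = summarise(SAMPLE)
    print(dict(verdicts), "scanned:", scanned, "of", len(SAMPLE))
```

The second sample message carries the marker but is refused on source alone, so its body is never scanned. The envelope sender is supplied by the client, so a TLD rule keyed on it only catches senders who state their domain truthfully.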