Hi there, On Sat, 9 Feb 2019, Gene Heskett wrote:
Has anyone rigged clamd to check what looks like questionable links contained in incoming emails? It seems over the last 2 weeks my spam has tripled, and I suspect the real payload is in the urls in the message.
Trawl the logs to see where it comes from. I find blocking incoming mail by country code to be far more effective than almost anything else. I'll hazard the guess that Asia and Eastern Europe will figure large in the results.
Or is this so time consuming and bandwidth wasting its not worth it?
ClamAV is pretty resource intensive, so more or less anything that will reduce the number of calls to ClamAV processes will be well worth doing. Here, at the moment, clamd sees about 1.3% of attempts to send mail to us. That is, in February, 98.7% of incoming mail connections were rejected before clamav-milter ever got to see any data. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
