On Saturday 09 February 2019 12:47:11 G.W. Haywood wrote: > Hi there, > > On Sat, 9 Feb 2019, Gene Heskett wrote: > > Has anyone rigged clamd to check what looks like questionable links > > contained in incoming emails? It seems over the last 2 weeks my spam > > has tripled, and I suspect the real payload is in the urls in the > > message. > > Trawl the logs to see where it comes from. I find blocking incoming > mail by country code to be far more effective than almost anything > else. I'll hazard the guess that Asia and Eastern Europe will figure > large in the results.
My ISP seems to take care of about 95% of that stuff, most of what gets my attention comes from local to the US servers, like earthlink. > > Or is this so time consuming and bandwidth wasting its not worth it? > > ClamAV is pretty resource intensive, so more or less anything that > will reduce the number of calls to ClamAV processes will be well worth > doing. Here, at the moment, clamd sees about 1.3% of attempts to send > mail to us. That is, in February, 98.7% of incoming mail connections > were rejected before clamav-milter ever got to see any data. I tend to leave the disposal of the positives to procmail. But it never tells me specifically when it sends a mail to virii. So I go look at it, and if over ten megs, nuke it and touch it. I don't look at it that closely, but haven't found but maybe 1 FP a year. As long as its not a rich uncle dying and leaving me millions, I don't care cause I have no such kin, all dirt poor like me. :) Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
