On Tuesday 03 January 2012 11:28:09 Charles Marcus wrote: > On 2012-01-03 12:09 PM, /dev/rob0 <r...@gmx.co.uk> wrote: > > Info/advice: with postscreen(8), sane HELO restrictions, and good > > DNSBLs, clamav is not going to get much use. > > Clamav, with the sane-security sigs, most certainly does block a > lot of phising scams that would not otherwise be blocked.
I admit, it has been some time since I used/evaluated clamav, but at that time, all it did catch at two small business sites over 3-4 months was less than one phish per month. And I never saw an actual virus mail. Also, my clamav was pretty much just the default settings. > And most of postfixes built-in anti-spam techniques will NOT block > an infected email from a friends computer, and clamav likely will. I suppose you mean that the virus sent mail through an ISP relay, in which case of course you are right. I haven't gotten these. Perhaps a different type of friends, or just as likely, I have no friends. ;) Still, URIBL filtering with amavisd-new/SA should catch these, or so it would seem. > ASSP is by far the best anti-spam content filter, but it isn't > designed to be used with amavisd-new... I'd love to see it > modified so that it could be an after-queue content filter called > from amavisd-new, because its block reporting capabilities are > insanely great, and it is very easy for a user to request an > up-to-the-minute snapshot of their spam quarantine using a > pre-built email template. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
