ged at jubileegroup
Aug 20, 2012, 6:41 AM
Post #2 of 5
On Mon, 20 Aug 2012, Mark A. Olbert wrote:
> ... now there's a lot more stuff to review before reporting. ...

Your statistics seem a bit grim to me. It certainly sounds like a lot
of work which might not be necessary. On a typical business day we
see something between five and ten thousand attempts to send unwanted
mail, of which at most perhaps one or two per day will be accepted.
There will be between fifty and one hundred genuine messages. On a
good day, all of those will be accepted. :)

The vast majority of unwanted mail will be weeded out by relatively
lightweight processes. ClamAV is likely to reject only five or ten
messages per month. The vast majority of those will be detected via
third-party databases, in particular at the moment INetMsg.SpamDomain
is running at about 50% and Sanesecurity about 20% of detections.

We have had a grand total of one virus-infected message accepted so
far this year. As we run no Windows machines it was not a real issue
for us but it felt like a personal defeat.

Contrary to popular belief you can read an entire message (and, of
course, store it for later analysis) without accepting it. Reading
the entire message before rejecting it gives away less about the
defences than, say, rejecting on a suspicious subject line.

It isn't clear to me whether you are accepting or rejecting unwanted
mail. My advice is to reject all unwanted mail. If you accept it,
the scrotes will just send more of the stuff.
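
The "read the entire message, store it, then reject it" behaviour described in the post above, as an added example that is not part of the original post or of ClamAV. The `scan` function, host names, marker string and sample session are constructed for illustration, and the sketch does not enforce command ordering or speak over a real socket.

```python
# Added example: reject after DATA. Names and sample data are constructed.

def scan(message):
    """Hypothetical stand-in for a content scanner (e.g. a clamd lookup).
    Returns a verdict name, or None when nothing is detected."""
    return "Constructed.Test.Unwanted" if b"UNWANTED-SAMPLE" in message else None

SIMPLE_REPLIES = {b"HELO": "250 OK", b"EHLO": "250 OK", b"MAIL": "250 OK",
                  b"RCPT": "250 OK", b"RSET": "250 OK", b"QUIT": "221 Bye"}

def smtp_session(client_lines, scanner=scan):
    """Run a minimal SMTP dialogue over already-split lines (no CRLF).
    Returns (server_replies, stored), where stored holds rejected messages."""
    replies, stored = ["220 mx.example.test ESMTP"], []
    in_data, body = False, []
    for line in client_lines:
        if not in_data:
            verb = line.split(b" ", 1)[0].upper()
            in_data = verb == b"DATA"
            replies.append("354 End data with <CRLF>.<CRLF>" if in_data
                           else SIMPLE_REPLIES.get(verb, "500 Unrecognised"))
        elif line != b".":
            # Undo dot-stuffing: the sender doubles a leading "." in body lines.
            body.append(line[1:] if line.startswith(b".") else line)
        else:
            # End of data: the whole message has been read, but nothing is
            # accepted until the reply to this final "." is sent.
            message = b"\r\n".join(body) + b"\r\n"
            verdict = scanner(message)
            if verdict:
                stored.append((verdict, message))  # keep a copy for analysis
                # Generic text: the verdict stays local, the sender learns
                # only that the message was refused.
                replies.append("550 5.7.1 Message rejected")
            else:
                replies.append("250 2.0.0 Accepted")
            in_data, body = False, []
    return replies, stored

# Constructed sample session: one unwanted message, then one clean message.
CONSTRUCTED_SESSION = [
    b"EHLO client.example.test", b"MAIL FROM:<a@example.test>",
    b"RCPT TO:<b@example.test>", b"DATA", b"Subject: sample", b"",
    b"..stuffed line", b"UNWANTED-SAMPLE", b".",
    b"MAIL FROM:<a@example.test>", b"RCPT TO:<b@example.test>", b"DATA",
    b"Subject: genuine", b"", b"hello", b".", b"QUIT",
]

if __name__ == "__main__":
    for reply in smtp_session(CONSTRUCTED_SESSION)[0]:
        print(reply)
```
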