BitDefender and Phishing...

Steen, Glenn Glenn.Steen at AP1.SE
Sun Apr 24 16:35:23 IST 2005


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Alex Neuman 
> van der Hans
> Sent: den 23 april 2005 22:22
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: BitDefender and Phishing...
> 
> 
> When you say you're rejecting anything from your IP or your domain, do you
> mean with an entry in /etc/mail/access or a milter? (if you're using
> sendmail, that is)
Nope, Postfix with a fairly standard (well...:-) practice of rejecting
"HELO frauds" via access restrictions like (in main.cf):
smtpd_helo_restrictions = permit_mynetworks,
                          check_helo_access hash:/etc/postfix/deny_domain_spoof
... and in deny_domain_spoof
ap1.se REJECT
194.14.216.2 REJECT
(there's actually more here, but those are "internal"... and those two
take care of most, if not all, frauds)
I used to do that in the check_sender_access (well, it actually still
does), but this catches far more. "Downside" is that MS just catches
less than 5 viruses a day, where it used to be up to 30... And spam
is down somewhat too. So my stats "lie" a bit about how much we really
get (not good PHB strategy:-).

Works great for me since I don't have/never will have "roaming users".

-- Glenn

> 
> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> Of Steen, Glenn
> Sent: Friday, April 22, 2005 9:02 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: BitDefender and Phishing...
> 
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> > Sent: den 22 april 2005 15:42
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: BitDefender and Phishing...
> >
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
> > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy
> > > Sent: den 22 april 2005 15:37
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: BitDefender and Phishing...
> > >
> > >
> > > 887 since 6th April..
> > "A few days" is a relative term:-).
> > Thanks Dhawal (& Roger)...
> > Do you have similar stats for clamav and/or mcafee during the same
> > period?
> (Replying to myself... How quaint:)
> I saw the first "hit" on a Regions bank phish on the 15:th, and have
> received a whopping 9 hits since then (both McAfee and BD), while I've had
> 11 hits with clamav (2 charterone frauds that clamav is the only one to
> find).
> Due to me cavalierly rejecting anything HELOing with my IP address or
> domain name, I don't see that much viruses anymore:-), hence my question...
> 
> Cheers
> -- Glenn (who still has a PHB that won't let him use MS phishing net)
> 
> >
> > -- Glenn
> >
> > > - dhawal
> > >
> > > Roger Jochem wrote:
> > > > I'm seeing it for two weeks or more too...
> > > >
> > > > ----- Original Message -----
> > > > From: "Steen, Glenn" <Glenn.Steen at AP1.SE>
> > > > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > > Sent: Friday, April 22, 2005 10:08 AM
> > > > Subject: BitDefender and Phishing...
> > > >
> > > >
> > > >
> > > >>Is it just me, or has BD started catching phishes too?
> > > >>I've seen a lot of
> > > >>"Bitdefender: Found virus Trojan.Spy.HTML.Bankfraud.DQ ..."
> > > >>lately. Seems to be about on par with McAfee.
> > > >>
> > > > >>Any one with a decent load (more than the approx 2000 emails/day I
> > > >>get) who has some more solid stats? Change happened a few days
> > > >>back.
> > > >>
> > > >>-- Glenn
> > >
> > > ------------------------ MailScanner list ------------------------
> > > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > > 'leave mailscanner' in the body of the email.
> > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > >
> > > Support MailScanner development - buy the book off the website!
> > >

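Added example, not part of the original post: the HELO rejects described above happen in Postfix before MailScanner sees the message, so they can be counted from the Postfix log to account for the drop in MailScanner's own numbers. The log lines are constructed in Postfix smtpd reject format; the log host name and the client addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample log (assumption: classic syslog layout, Postfix smtpd rejects).
SAMPLE_LOG = """\
Apr 23 10:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <ap1.se>: Helo command rejected: Access denied; from=<a@example.com> to=<user@ap1.se> proto=SMTP helo=<ap1.se>
Apr 23 10:05:40 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 <194.14.216.2>: Helo command rejected: Access denied; from=<b@example.net> to=<user@ap1.se> proto=SMTP helo=<194.14.216.2>
Apr 23 10:06:02 mx postfix/smtpd[2104]: connect from mail.example.org[203.0.113.5]
Apr 24 08:15:33 mx postfix/smtpd[2310]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <ap1.se>: Helo command rejected: Access denied; from=<c@example.com> to=<other@ap1.se> proto=ESMTP helo=<ap1.se>
Apr 24 09:00:00 mx postfix/smtpd[2311]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 <x@example.com>: Sender address rejected: Access denied; from=<x@example.com> to=<user@ap1.se> proto=SMTP helo=<mail.example.com>
"""

# Matches only rejects raised by smtpd_helo_restrictions; the enhanced
# status code (5.7.1) is optional, so both log styles above are accepted.
REJECT_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[\d+\]: "
    r"\S+: reject: \w+ from \S*?\[(?P<client>[^\]]+)\]: .*?"
    r"Helo command rejected: .*?helo=<(?P<helo>[^>]*)>"
)

def helo_rejects(log_text):
    """Yield (day, client_ip, helo_name) for each HELO-restriction reject."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            # Collapse syslog's padded single-digit days ("Apr  3").
            yield " ".join(m["day"].split()), m["client"], m["helo"].lower()

def summarize(log_text):
    """Return rejects per day, rejects per spoofed HELO name, and clients per name."""
    per_day, per_helo, clients = Counter(), Counter(), {}
    for day, client, helo in helo_rejects(log_text):
        per_day[day] += 1
        per_helo[helo] += 1
        clients.setdefault(helo, set()).add(client)
    return per_day, per_helo, clients

if __name__ == "__main__":
    per_day, per_helo, clients = summarize(SAMPLE_LOG)
    for day, n in per_day.items():
        print(f"{day}: {n} HELO rejects")
    for helo, n in per_helo.most_common():
        print(f"{helo}: {n} rejects from {len(clients[helo])} client(s)")
```

Adding the per-day counts to MailScanner's daily totals gives a figure comparable to the one from before the HELO restriction was in place.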