Virii detection very low

Ken Goods KGoods at AIAINSURANCE.COM
Tue Oct 25 22:12:46 IST 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Glenn Steen wrote:
> On 25/10/05, Ken Goods <KGoods at aiainsurance.com> wrote:
>> Ed Bruce wrote:
>>> We only get about 2k-3k incoming email/day - but over the last 15
>>> days no virii were detected. Normally we get around 2-3 infected
>>> emails/day. Anybody else seeing a lot fewer infected emails then
>>> normal? I just get a little worried when nothing is seen.
>>> 
>>> later,
>>> Ed
>>> 
>> 
>> Funny... I was just getting ready to post a message exactly like
>> this. We too process 2-5k messages per day and I haven't seen a
>> virus since I upgraded MailScanner a week ago Friday. I received 14
>> the day before the upgrade. Thought something went wrong with the
>> upgrade so I used GFI to send myself the virus laden test emails and
>> they were caught (and I was notified) perfectly. But still, I went
>> from an average of 7 per day to zero! A little concerning.... Then
>> again, I have the luxury of being able to block several countries at
>> the firewall and that cut them to about 10% of what I was seeing
>> before.  
>> 
>> Still keeping a close watch though... seems a little to coincidental.
>> 
>> Ken Goods
>> Network Administrator
>> AIA/CropUSA Insurance, Inc.
>> 
> 
> About the same load, and pretty much only see some stray Mytobs (short
> bursts of 2-10 evrey third day or so)... And clam catching the normal
> 2-5 phishes/day. You do run clamav?

Yes, MailScanner/Spamassassin/ClamAV. All upgraded Friday before last. Hence
the strange coincidence.... maillog looks fine stating that virus scanning
is happening and like I said, the GFI email virus tests were all caught
correctly... strange. But now that I think about it I'm not getting the
normal amount of bad filetype/content/phish notification messages from
MailScanner nor any Phish notification messages from Clam (via MailScanner).
But they are getting caught as I just received a phish that MailScanner
caught and modified the message (with no postmaster notification). So it
looks like I'm just not getting the notifications like I did before. Also
mailScanner-MRTG is not reporting any viruses....

I did look through the notification section of MailScanner.conf and nothing
has changed that I could see. (ran upgrade_MailScanner_conf after the
upgrade)

hummm.... back to Sherlock Holmes mode..... 

Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list