Max Spam Check Size

Kash, Howard (Civ, ARL/CISD) hmkash at arl.army.mil
Fri Oct 13 14:17:05 IST 2006


> 4.57.1-1 is up on the web site now. Has a new setting "Max Spam Check 
> Size". Messages bigger than this are assumed to not be spam. This 
> significantly speeds up spam checking. Spammers cannot afford to send 
> huge messages, they want to use their bandwidth sending more smaller 
> messages as it pays better.
> 
> Default limit is 150k, which apparently is a very safe figure for this
test.
> 
> Please can you let me know your experience with this.

So far this is working great.  One thing I have noticed, though, and not
sure if this is proper behavior or not.  An email comes in with a
password protected zip file infected with Bagle.  It's size is about
250k.  Previously it would also have been detected as SPAM (and virus
infected) and quarantined.  Now the spam checks are skipped and the
messages are coming through with the attachment stripped, subject
modified with the value of "Virus Subject Text" and body prepended with
the contents of "Inline HTML Warning".  Bagle is listed as a "Silent
Virus" and "Still Deliver Silent Viruses" is set to no.  .zip files are
denied in our filename.rules.conf.  "Allow Password Protected Archives"
is no.  So it seems like the filename rule is trumping the silent virus
setting?  Should it?


Howard


More information about the MailScanner mailing list