If virus, don't scan with SA

Scott Silva ssilva at sgvwater.com
Mon Jul 28 16:03:29 IST 2008 

on 7-26-2008 8:29 AM Chris Barber spake the following:
> 
> on 7-25-2008 8:56 AM Chris Barber spake the following:
>> There is another very good reason for not bothering to 
>> micro-optimi[sz]e this.
>>
>> If you're scanning your viruses with spamassassin there's a good 
>> chance they'll be auto-learned as spam.  So when the phishing attack 
>> is mutated to avoid existing signatures Bayes can still get them.
>>
>> Cheers,
>>
>> Phil
>>
>> --
>> Phil Randal
>> Networks Engineer
>> Herefordshire Council
>> Hereford, UK
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>> Julian Field
>> Sent: 24 July 2008 09:30
>> To: MailScanner discussion
>> Subject: Re: If virus, don't scan with SA
>>
>> The reason I haven't tried to implement it is that viruses (incl what 
>> sanesecurity finds) are a very small percentage of your total mail 
>> volume. Probably 2 or 3% at a guess. So it wouldn't actually make any 
>> noticeable difference to your MailScanner server load.
>>
>> Jules
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>> Thanks for all the responses guys. I see about 25-30% viruses now that 
>> I use sane security. I guess it is different for everyone. But the 
>> added bayes entries are prob worth leaving it alone.
>>
>> Thanks again,
>> Chris
>> A lot of those are probably coming from places that others of us don't see because of blacklists. But I have to agree >on the bayes training only helping.
> 
> What blacklists do you recommend? The only ones I use are zen.spamhaus.org and list.dsbl.org
> 
> Thanks
> Chris
> 
> 
Ihave had good luck with the spamcop list. I can't use the zen list because 
although my usage is way below their thresholds (way less than 50%, usually 
closer to 25%) I still get blocked by them. But I can't justify the cost of a 
feed for the volume of our mail. Trying to contact them about it falls on deaf 
(I guess it would be blind) mailreaders.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/0ca72e72/signature.bin

More information about the MailScanner mailing list