If virus, don't scan with SA

Scott Silva ssilva at sgvwater.com
Mon Jul 28 16:03:29 IST 2008

on 7-26-2008 8:29 AM Chris Barber spake the following:
> on 7-25-2008 8:56 AM Chris Barber spake the following:
>> There is another very good reason for not bothering to 
>> micro-optimi[sz]e this.
>> If you're scanning your viruses with spamassassin there's a good 
>> chance they'll be auto-learned as spam.  So when the phishing attack 
>> is mutated to avoid existing signatures Bayes can still get them.
>> Cheers,
>> Phil
>> --
>> Phil Randal
>> Networks Engineer
>> Herefordshire Council
>> Hereford, UK
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of 
>> Julian Field
>> Sent: 24 July 2008 09:30
>> To: MailScanner discussion
>> Subject: Re: If virus, don't scan with SA
>> The reason I haven't tried to implement it is that viruses (incl what 
>> sanesecurity finds) are a very small percentage of your total mail 
>> volume. Probably 2 or 3% at a guess. So it wouldn't actually make any 
>> noticeable difference to your MailScanner server load.
>> Jules
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> Before posting, read http://wiki.mailscanner.info/posting
>> Support MailScanner development - buy the book off the website!
>> Thanks for all the responses guys. I see about 25-30% viruses now that 
>> I use sane security. I guess it is different for everyone. But the 
>> added bayes entries are prob worth leaving it alone.
>> Thanks again,
>> Chris
>> A lot of those are probably coming from places that others of us don't see because of blacklists. But I have to agree >on the bayes training only helping.
> What blacklists do you recommend? The only ones I use are zen.spamhaus.org and list.dsbl.org
> Thanks
> Chris
Ihave had good luck with the spamcop list. I can't use the zen list because 
although my usage is way below their thresholds (way less than 50%, usually 
closer to 25%) I still get blocked by them. But I can't justify the cost of a 
feed for the volume of our mail. Trying to contact them about it falls on deaf 
(I guess it would be blind) mailreaders.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080728/0ca72e72/signature.bin

More information about the MailScanner mailing list