Re: [exim] Blocking Stock Spam ACL

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Sprague
Data:  
A: exim-users
Assumpte: Re: [exim] Blocking Stock Spam ACL
Chris Lightfoot wrote:
> On Fri, Dec 08, 2006 at 01:16:52PM -0500, Michael Sprague wrote:
>     [...]
>> So I deny if a scam is matched but discard if it's a 'real' virus.  The 
>> extra match condition in the deny acl currently just matches the 
>> 'Email...' sigs.

>
> This (and the similar decision by the ClamAV people to
> start including phishing mail that is *sent by* viruses,
> as well as the viruses themselves, in their database) of
> course risks the irritating side-effect that users then
> can't report these mails to the responsible authorities
> without jumping through idiotic hoops. Probably best to
> make sure your configuration doesn't do that :-)
>


I haven't had any issues yet with discarding 'virus' matches via clamav;
even though those do include phishing attacks. Being new to the
sanesecurity sigs though, I thought it would be best to deny rather than
discard 'scam' messages. I'm willing to guess that if any false
positives do occur it will be with the scam messages rather than the
phishing messages. Of course this is just a guess. Still, only
started using this today so I need more time to see how things really
pan out. :)

thanks,
mikeS

-- 
Michael F. Sprague     | mfs@???
http://www.saneinc.net | Provider of SpamOnion anti-spam service
System and Network Engineering (SaNE), Inc