Greg Swift wrote:
> (http://www.zdziarski.com/projects/rabl/), and ClamAV. DSPAM scans the
> msg for spam and virus(linking to clamav) and if it tags the message as
> spam it sends RABL a notice about that customer's spamminess. Once the
> user reaches a threshold (right now about 50 notices) RABL blacklists
> them (default 6 hours). The nice thing about this concept is that its
> automatic, and all the customer has to do is clean their machines and
> then when 6hrs hit they are back to normal, until they get infected
> again (or if they didnt suceed).
>
> But i don't know where to go from there, or if that is even the best way
> to do that. Does anyone have any suggestions or anything?
In my humble opinion, 1) fifty warnings is far too lenient, and 2) six
hours is far too short. To cause your customers to change behaviour
you must cause them pain - this is basic Skinner conditioning.
Cut off on one solid detection, don't re-enable until after they manually
complain (and explain to them why your automatics need to protect the
rest of the world from from their badly-administered systems), and
then don't enable for another 12-24 hours (like, when it's convenient
for your dayshift. Don't put it on automatic, that isn't painful
enough for you *either*).
- Jeremy