I installed unbound DNS server and xtables-geoip for iptables to drop a bunch of countries and now CPU usage is down to 30%, mem is down to 375mb and no crash for the last 15 hours.
Thanks for all the tips.

On Tue, Apr 27, 2010 at 12:01 PM, GrayHat <[email protected]> wrote:
>>> http://www.sanesecurity.co.uk/databases.htm
>
>> GrayHat,
>
> Hi there !
>
>> I've wondered about adding these to my few installs but never had
>> a situation where I could run it and monitor it w/o fear of losing
>> important mail (no unimportant test domain). What is your FP rate
>> with this, do you have a list of the db's that you find complementary
>> but not overlapping w/ ASSP?
>
> It *mainly* depends on the signatures you pick from there; some
> of those may give you quite some false-positives; others won't; in
> my case, set aside a few sparse cases, I had NO false positives
> at all; but, again, using extra signatures is like using a given DNS
> blacklist; before using it in a production environment you'd better
> test it and btw ASSP (at least the v2) allows you to do so by using
> some regexp to score the ClamAV results; at any rate, and to stay
> on the safe side, I'd suggest you to try the following
>
> rsync://rsync.sanesecurity.net/sanesecurity/sanesecurity.ftm
> rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb
> rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/scamnailer.ndb
> rsync://rsync.sanesecurity.net/sanesecurity/winnow_malware.hdb
>
> by the way, the above is just a suggestion, feel free to add more
> signatures; just ensure to set up the ASSP regexp so that in case
> one of the sigs you're testing will have a hit you won't be rejecting
> the message... at least NOT until you'll be quite confident :)
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
