On Wed, Sep 29, 2004 at 03:17:08PM +0200, Steffen Heil said: > Hi > > > There are a significant amount of other methods that will generally detect > an infected email. Approximately 3.8% of infected emails ever reach the > stage where the virus scanners I use get called into action, and Clam hasn't > missed one of those yet. Check for other email exploits before checking for > virii. > > So tell use, our preacher, how you do that? > > For example, I DO have dnsblacklists, helo string checking, mime checks, > clsid extension checks, empty and to large boundary checks, verify sender > domain and soon some callout-checks in front of clamav. > However, some mail should get delivered and those should be checked, right?
I also use greylisting on top of all of the methods you have above, and clam now catches single digits of viruses/week (granted, this mx only handles about 800-1000 emails/day, but scale appropriately). The only viruses hitting my MX are coming in from forwarding services. All direct to MX viruses have stopped. -- -------------------------------------------------------------------------- | Stephen Gran | Tallulah Bankhead barged down the Nile | | [EMAIL PROTECTED] | last night as Cleopatra and sank. -- | | http://www.lobefin.net/~steve | John Mason Brown, drama critic | --------------------------------------------------------------------------
pgp1OPVHdd40E.pgp
Description: PGP signature
