On 11/01/2013 11:21 AM, Eric Broch wrote:
Brent,

I've never heard (or I haven't been listening) about implementing
SaneSecurity. Does it work well? Do you know how much spam it stops?
Does it mark it or drop it? Are there config options?
I've just implemented DSPAM on my QmailToaster (ironed out all the bugs
last night) and it works phenomenally. I trained about 30 messages and
haven't had one untagged spam since and no false positives. I've only
trained it with spam, no ham. I realize this has only been 18 hours or
so but it works much better than Spamassassin--I have both installed.
I'm wondering if DSPAM shouldn't be stock in the Toaster packages as
Spamassassin and Spamdyke are not doing it for my clients.

I am now setting up a DSPAM gateway for a client.

Eric


Here are my stats for the month of October (gathered by hand, no script sorry):

  blocked by firewall: 360520

  blocked by spamdyke total: 268965
    DENIED_EARLYTALKER:         127
    DENIED_RBL_MATCH:         78336
    DENIED_RDNS_MISSING:     123262
    DENIED_RDNS_RESOLVE:      61816
    DENIED_RHSBL_MATCH:        2683
    DENIED_SENDER_NO_MX:       2741

  blocked by bad recipient: 1656

  blocked by attachment extension: 365

  blocked by clamav total: 195
    sanesecurity:          190
    other sigs:              5

  blocked by spamassassin score: 8305

  allowed: 32463


In the big picture SaneSecurity isn't that big, but it's the vast majority of my ClamAV hits. It would probably be more important if we weren't using Spamdyke or blocking unnecessary countries via iptables.

When something hits a SaneSecurity signature, it'll look like this in the log:

qmail-smtpd: qq hard reject (Your email was rejected because it contains the Sanesecurity.Malware.22448.UNOFFICIAL virus): MAILFROM:<bad...@foo.net> RCPTTO:myu...@example.com


Spamdyke will also pick it up as a DENIED_OTHER.


I don't recall changing any configs to use the SaneSecurity signatures other than the downloader config script:

    /etc/clamav-unofficial-sigs.conf


This is installed by the qtp-install-sanesecurity script. I don't know what the default values are but here are my strings that specify which SaneSecurity, SecuriteInfo, and MalwarePatrol sig DBs to download:

    ss_dbs="
       blurl.ndb
       bofhland_cracked_URL.ndb
       bofhland_malware_attach.hdb
       bofhland_malware_URL.ndb
       bofhland_phishing_URL.ndb
       crdfam.clamav.hdb
       doppelstern.hdb
       foxhole_all.cdb
       junk.ndb
       jurlbl.ndb
       phish.ndb
       phishtank.ndb
       porcupine.ndb
       rogue.hdb
       sanesecurity.ftm
       scam.ndb
       sigwhitelist.ign2
       spamattach.hdb
       spamimg.hdb
       winnow.attachments.hdb
       winnow_bad_cw.hdb
       winnow_extended_malware.hdb
       winnow_malware.hdb
       winnow_malware_links.ndb
    "

    si_dbs="
       honeynet.hdb
       securiteinfo.hdb
       securiteinfobat.hdb
       securiteinfodos.hdb
       securiteinfoelf.hdb
       securiteinfohtml.hdb
       securiteinfooffice.hdb
       securiteinfopdf.hdb
       securiteinfosh.hdb
    "

    mbl_dbs="
       mbl.ndb
    "


Brent Gardner
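The October numbers above were tallied by hand. As an added example (not a script from the original post or from the QmailToaster project), here is a small Python tally that reproduces the same buckets from a maillog: spamdyke DENIED_* reasons, ClamAV rejects split into unofficial (SaneSecurity-style) versus official signatures, and allowed messages. The "qq hard reject" pattern is taken from the log line quoted in the post; the spamdyke line layout ("spamdyke[pid]: DENIED_xxx from: ... to: ...") and the sample log lines are assumptions constructed for the example, so check the regexes against your own /var/log/maillog before trusting the counts.

```python
#!/usr/bin/env python3
"""Tally qmail-smtpd / spamdyke rejections by reason.

Added example, not code from the original post or the QmailToaster
project.  The spamdyke line format and the sample log below are ASSUMED
approximations; adjust the regexes to match your own maillog.
"""
import re
from collections import Counter

# "qq hard reject (... contains the <signature> virus)" is the form quoted
# in the post; the signature name lets us tell unofficial sigs apart.
QQ_VIRUS = re.compile(r"qq hard reject \(.*?contains the (?P<sig>\S+) virus\)")

# ASSUMED spamdyke syslog layout: "spamdyke[pid]: DENIED_RBL_MATCH from: ..."
SPAMDYKE = re.compile(r"spamdyke\[\d+\]: (?P<verdict>ALLOWED|DENIED_[A-Z_]+)\b")

# Constructed sample log (not real traffic).  Eicar-Test-Signature is the
# harmless ClamAV test signature, standing in for an "official" hit.
SAMPLE_LOG = """\
Nov  1 10:02:11 mail spamdyke[4123]: DENIED_RDNS_MISSING from: a@x.test to: me@example.com origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Nov  1 10:02:19 mail spamdyke[4130]: DENIED_RBL_MATCH from: b@y.test to: me@example.com origin_ip: 192.0.2.11 origin_rdns: h.y.test auth: (unknown) encryption: (none) reason: zen.spamhaus.org
Nov  1 10:03:02 mail qmail-smtpd: qq hard reject (Your email was rejected because it contains the Sanesecurity.Malware.22448.UNOFFICIAL virus): MAILFROM:<bad@foo.net> RCPTTO:me@example.com
Nov  1 10:03:02 mail spamdyke[4141]: DENIED_OTHER from: bad@foo.net to: me@example.com origin_ip: 192.0.2.12 origin_rdns: h.foo.net auth: (unknown) encryption: (none) reason: (empty)
Nov  1 10:04:40 mail qmail-smtpd: qq hard reject (Your email was rejected because it contains the Eicar-Test-Signature virus): MAILFROM:<c@z.test> RCPTTO:me@example.com
Nov  1 10:05:00 mail spamdyke[4150]: ALLOWED from: ok@good.test to: me@example.com origin_ip: 192.0.2.13 origin_rdns: mx.good.test auth: (unknown) encryption: TLS reason: (empty)
"""


def classify(line):
    """Return (category, detail) for one log line, or None if irrelevant."""
    m = QQ_VIRUS.search(line)
    if m:
        sig = m.group("sig")
        # ClamAV appends ".UNOFFICIAL" to signatures loaded from third-party
        # databases, which is how the SaneSecurity/SecuriteInfo/MalwarePatrol
        # sets pulled by clamav-unofficial-sigs show up in the log.  Treating
        # all of them as the post's "sanesecurity" bucket is an assumption.
        bucket = "sanesecurity" if sig.endswith(".UNOFFICIAL") else "other sigs"
        return ("clamav", bucket)
    m = SPAMDYKE.search(line)
    if m:
        verdict = m.group("verdict")
        if verdict == "ALLOWED":
            return ("allowed", "")
        return ("spamdyke", verdict)
    return None


def tally(lines):
    """Aggregate log lines into the same buckets as the hand-made stats."""
    counts = {"spamdyke": Counter(), "clamav": Counter(), "allowed": 0}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        category, detail = hit
        if category == "allowed":
            counts["allowed"] += 1
        else:
            counts[category][detail] += 1
    return counts


def format_report(counts):
    """Render the tally in the same layout as the post's October stats."""
    out = ["blocked by spamdyke total: %d" % sum(counts["spamdyke"].values())]
    for reason, n in sorted(counts["spamdyke"].items()):
        out.append("  %-24s %6d" % (reason + ":", n))
    out.append("blocked by clamav total: %d" % sum(counts["clamav"].values()))
    for bucket, n in sorted(counts["clamav"].items()):
        out.append("  %-24s %6d" % (bucket + ":", n))
    out.append("allowed: %d" % counts["allowed"])
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(tally(SAMPLE_LOG.splitlines())))
```

Note the third and fourth sample lines: a SaneSecurity hit is logged once by qmail-smtpd and again by spamdyke as DENIED_OTHER, as the post says. If you add the spamdyke total to the clamav total you will count those messages twice, so either leave DENIED_OTHER out of the spamdyke sum or use it as a cross-check against the clamav count rather than as a separate bucket.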

