On 11.01.2015 at 16:20, Marcin Mirosław wrote:
> On 2015-01-11 at 04:49, Reindl Harald wrote:
>> On 10.01.2015 at 22:07, Marcin Mirosław wrote:
>>> On 2015-01-10 at 15:27, Reindl Harald wrote:
>>>> On 10.01.2015 at 15:19, David Flanigan wrote:
>>>>> Is anyone using the Malware Patrol 3rd party Spamassassin Rules (https://www.malwarepatrol.net/index.shtml)? I have downloaded and looked them over and, in concept, they look pretty good. However the cf file is over 8.5megs (yes megs) in size. By far the biggest ruleset I have. I cannot think this would do good things for performance. Any experience, comments, etc?
>>>>
>>>> 8.5 MB SA rules is crazy that really belongs to clamav directly after SA because SA eats more http://sanesecurity.com/usage/signatures/
>>>
>>> Imho clamav needs less CPU power than SA (and needs less time to scan email) so I think it's better to use clamav before SA
>>
>> that is true *but* after a few months it turned out that ClamAV doesn't catch that much mail which was killed by the SA milter after it and so 90% of all messages need to pass both - for the overall system so it makes more sense to have SA in front
>
> I forgot about one, important thing, I'm using unofficial rules for Clamav
me too - but that did not change the numbers that sa-milter rejected a lot more mails than clamav-milter before it over a longer time
may also depend on the quality and scoring of bayes, we have 7500 ham and 7500 spam samples - hand-selected - and so a very high scoring while sa-milter rejects starting with 8.0 points, that's all backed by 11 different scored DNSWL, the scoring below is only healthy if you trust your bayes unconditionally!
ifplugin Mail::SpamAssassin::Plugin::Bayes
 score BAYES_00 -3.5
 score BAYES_05 -1.5
 score BAYES_20 -0.5
 score BAYES_40 -0.2
 score BAYES_50 2.5
 score BAYES_60 3.0
 score BAYES_80 5.0
 score BAYES_95 6.5
 score BAYES_99 7.5
 score BAYES_999 0.4
endif

in summary the currently 24 DNSBL with different weights, backed by the 11 DNSWL, subject filters with different severity reach a 99.5% hitrate
your number may vary, the milters / content scanner are facing only 5% of all delivery attempts because the rest is eaten by RBL scoring
[root@mail-gw:~]$ ls /var/lib/clamav/
total 179M
-rw-r--r-- 1 clamupdate clamupdate 8.0K 2014-09-02 12:18 foxhole_all.cdb
-rw-r--r-- 1 clamupdate clamupdate 1.9K 2014-09-19 12:34 foxhole_filename.cdb
-rw-r--r-- 1 clamupdate clamupdate  39K 2014-09-02 12:18 foxhole_generic.cdb
-rw-r--r-- 1 clamupdate clamupdate 357K 2015-01-05 20:55 bytecode.cld
-rw-r--r-- 1 clamupdate clamupdate  80M 2015-01-11 19:25 daily.cld
-rw-r--r-- 1 clamupdate clamupdate  62M 2014-11-30 22:28 main.cvd
-rw-r--r-- 1 clamupdate clamupdate  104 2015-01-11 20:25 mirrors.dat
-rw-r--r-- 1 clamupdate clamupdate 9.8K 2014-09-03 14:31 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate  77K 2015-01-11 19:48 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamupdate clamupdate 361K 2015-01-11 00:48 crdfam.clamav.hdb
-rw-r--r-- 1 clamupdate clamupdate  19K 2015-01-11 17:52 rogue.hdb
-rw-r--r-- 1 clamupdate clamupdate 1.6K 2014-11-21 15:51 spamattach.hdb
-rw-r--r-- 1 clamupdate clamupdate 1.2K 2014-10-28 17:51 spamimg.hdb
-rw-r--r-- 1 clamupdate clamupdate  74K 2015-01-11 19:45 winnow.attachments.hdb
-rw-r--r-- 1 clamupdate clamupdate 254K 2015-01-11 19:45 winnow_bad_cw.hdb
-rw-r--r-- 1 clamupdate clamupdate 266K 2015-01-11 19:45 winnow_extended_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate 213K 2015-01-11 19:45 winnow_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate 9.3K 2014-11-27 09:44 malwarehash.hsb
-rw-r--r-- 1 clamupdate clamupdate 5.7K 2015-01-09 09:01 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate  21K 2015-01-06 11:53 spam.ldb
-rw-r--r-- 1 clamupdate clamupdate  93K 2015-01-11 19:52 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate 2.2M 2015-01-11 19:48 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 4.7K 2015-01-11 19:48 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 5.4K 2015-01-11 19:48 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 5.9M 2015-01-03 16:04 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate 573K 2015-01-11 19:52 jurlbl.ndb
-rw-r--r-- 1 clamupdate clamupdate 229K 2015-01-11 19:52 jurlbla.ndb
-rw-r--r-- 1 clamupdate clamupdate 239K 2014-10-01 11:49 lott.ndb
-rw-r--r-- 1 clamupdate clamupdate 3.6M 2015-01-09 19:14 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 3.3M 2015-01-11 19:45 phishtank.ndb
-rw-r--r-- 1 clamupdate clamupdate 1.8M 2015-01-06 16:51 scam.ndb
-rw-r--r-- 1 clamupdate clamupdate  14M 2015-01-11 19:45 scamnailer.ndb
-rw-r--r-- 1 clamupdate clamupdate 2.0M 2015-01-09 19:12 spear.ndb
-rw-r--r-- 1 clamupdate clamupdate  64K 2015-01-11 19:52 spearl.ndb
-rw-r--r-- 1 clamupdate clamupdate 937K 2015-01-11 19:45 winnow_malware_links.ndb
-rw-r--r-- 1 clamupdate clamupdate 1.1M 2015-01-11 19:45 winnow_phish_complete_url.ndb
-rw-r--r-- 1 clamupdate clamupdate 277K 2015-01-11 19:45 winnow_spam_complete.ndb
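Added example, not part of the original message or of SpamAssassin: a small Python check that parses the score block quoted above and reports how many points other rules must still contribute before a message with each Bayes verdict reaches the 8.0 reject threshold. It assumes, as in the stock SpamAssassin 3.4 rules, that BAYES_999 fires together with BAYES_99; the names `parse_scores`, `bayes_margins` and `CO_FIRING` are made up for this illustration.

```python
from decimal import Decimal

# Score block as posted in the message above.
CONFIG = """\
ifplugin Mail::SpamAssassin::Plugin::Bayes
 score BAYES_00 -3.5
 score BAYES_05 -1.5
 score BAYES_20 -0.5
 score BAYES_40 -0.2
 score BAYES_50 2.5
 score BAYES_60 3.0
 score BAYES_80 5.0
 score BAYES_95 6.5
 score BAYES_99 7.5
 score BAYES_999 0.4
endif
"""

REJECT_AT = Decimal("8.0")  # sa-milter reject threshold stated in the message

# Assumption: BAYES_999 is scored on top of BAYES_99 (both rules hit together).
CO_FIRING = {"BAYES_999": ("BAYES_99",)}


def parse_scores(text):
    """Return {rule: Decimal score}; checks that if/ifplugin blocks are closed."""
    scores, depth = {}, 0
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and whitespace
        if not words:
            continue
        if words[0] in ("if", "ifplugin"):
            depth += 1
        elif words[0] == "endif":
            depth -= 1
            if depth < 0:
                raise ValueError("endif without matching if/ifplugin")
        elif words[0] == "score" and len(words) >= 3:
            scores[words[1]] = Decimal(words[2])
    if depth != 0:
        raise ValueError("unclosed if/ifplugin block")
    return scores


def bayes_margins(scores, reject_at=REJECT_AT):
    """Points still needed from non-Bayes rules before rejection, per verdict."""
    margins = {}
    for rule, score in scores.items():
        total = score + sum(scores[r] for r in CO_FIRING.get(rule, ()))
        margins[rule] = reject_at - total
    return margins


if __name__ == "__main__":
    for rule, margin in bayes_margins(parse_scores(CONFIG)).items():
        print(f"{rule:10s} needs {margin:>5} more points to be rejected")
```

With these scores a BAYES_999 verdict sits 0.1 point below rejection, so almost any other positive rule hit rejects the message, which is why the scoring depends on how far the Bayes database can be trusted.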