+1 Yesterday, 6% of our mail flow was rejected by Foxhole.Zip family. They are #1 on our list about 50% of the time for weeks now.
I got a commendation last week for prevention work, so rare in email adminning. Security team would be swimming in overtime if it weren't for foxhole_js in particular. We use all 4 of them now. Foxhole_all hasn't been a FP problem for us either, despite it being labelled high risk. We had ONE professor who couldn't email around some software, told them to use box.com instead for sharing and problem solved. ________________________________________ From: Rick Macdougall <ri...@ummm-beer.com> Sent: Friday, May 20, 2016 7:50:46 AM To: users@spamassassin.apache.org Subject: Re: SA cannot block messages with attached zip On 2016-05-20 10:36 AM, Paul Stead wrote: > Second, the foxhole_js database is what you're looking for > > Paul > > On 20/05/16 13:11, Reindl Harald wrote: >> >> >> Am 20.05.2016 um 13:07 schrieb Dianne Skoll: >>> On Fri, 20 May 2016 09:31:48 +0300 >>> Emin Akbulut <eminakbu...@gmail.com> wrote: >>> >>>> What do you suggest to fight these spams? >>> >>> ClamAV is basically useless >> >> no it is not, look at the sanesecurity foxhole signatures >> http://sanesecurity.com/usage/signatures/ Thirded, Statistics since: 19 April 2016 04:02:15 Total Viruses stopped: [ 271764 ] Total Unique Viruses: [ 2242 ] Viruses stopped in the last 24 hours: [ 20118 ] Top 10 Viruses in the last 24 hours Sanesecurity.Foxhole.Zip_fs223.UNOFFICIAL 7860 Sanesecurity.Junk.52698.UNOFFICIAL 2798 Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL 1925 Sanesecurity.Malware.26201.JsHeur.UNOFFICIAL 1626 Sanesecurity.Jurlbl.Auto.b6c4d3.UNOFFICIAL 649 Sanesecurity.Malware.24631.XlsHeur.UNOFFICIAL 623 Sanesecurity.Jurlbl.Auto.87287f.UNOFFICIAL 414 winnow.spam.ts.xmailer.2.UNOFFICIAL 341 Sanesecurity.Jurlbl.Auto.a33ccf.UNOFFICIAL 283 Sanesecurity.Jurlbl.Auto.aaeaca.UNOFFICIAL 157 Regards, Rick