[Mimedefang] Sober virus highlights problem

Paul Murphy pmurphy at ionixpharma.com
Thu May 19 06:20:08 EDT 2005


Jonathan,

Whitelisting is a very coarse way to filter your messages, and should really
only be used when someone regularly sends messages to you which are important
and which get flagged as spam.  By whitelisting an address or domain, you are
explicitly telling the system to accept everything from it, which is exactly
what it is doing.

If you've not had issues with false positives, why whitelist an address?

The correct way to handle this is to run SpamAssassin on everything, and then
adjust scores downwards by 10 points or so for domains you have problems with
but wish to receive from.

Clamav does indeed scan text parts for phishing attacks, but it does this by
finding links to know phishing sites, or known phishing techniques.  Scanning
for race hate mail is obviously possible, but at the end of the day it is an
anti-virus program, not a content filter.  I'm surprised that they added
phishing detection, since it isn't a virus, and is the first step of mission
creep.

SpamAssassin has some custom rules for Sober-generated race hate mail, which
will work well.  If you are trapping SPAM rather than discarding or bouncing it
if it has a high enough score, then you have to accept that there will be a
management problem in dealing with the trap.  Personally, I mark up anything
which scores between 5 and 10, and bounce anything scoring over 10, and in 18
months, we've never bounced a legitimate mail.  I know, because I log all of
them, and regularly scan the sender lists to check that we haven't bounced a
message which should have got through.

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788


_______________________________________________________________________
DISCLAIMER:
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
_______________________________________________________________________ 





More information about the MIMEDefang mailing list