[Mimedefang] SNARE spam detection

David F. Skoll dfs at roaringpenguin.com
Wed Jul 29 20:52:41 EDT 2009

- wrote:
>> Yes, for sure.  However, it can be useful as a Bayes token, maybe, or
>> as a rule adding a couple of points.

> OK, but using APEWS or UCE-PROTECT L2 or L3 blacklists would yield a
> similar result.

You don't know that a-priori.  As we've added more and more tokens
to Bayes, we've discovered surprising things.

>> Yeah, the port scanning seemed fishy to me.  It could be that
>> they only scan a few "well-known" bot control ports.

> Which still runs into trouble on any system that tarpits all unused ports.

That's easy to work around.  But I still think port-scanning is a very
bad idea.



More information about the MIMEDefang mailing list