[Mimedefang] SNARE spam detection
David F. Skoll
dfs at roaringpenguin.com
Wed Jul 29 20:52:41 EDT 2009
- wrote:
>> Yes, for sure. However, it can be useful as a Bayes token, maybe, or
>> as a rule adding a couple of points.
> OK, but using APEWS or UCE-PROTECT L2 or L3 blacklists would yield a
> similar result.
You don't know that a-priori. As we've added more and more tokens
to Bayes, we've discovered surprising things.
>> Yeah, the port scanning seemed fishy to me. It could be that
>> they only scan a few "well-known" bot control ports.
> Which still runs into trouble on any system that tarpits all unused ports.
That's easy to work around. But I still think port-scanning is a very
bad idea.
Regards,
David.
More information about the MIMEDefang
mailing list