Hi Bill and all, On 2011-08-28 01:50, Bill Landry wrote: > and since I rarely receive FP reports for > the INetMsg SpamDomains signature databases, I am considering > including one of them, as well. for the records: we had seen so many FPs with them after we had started to use them that we score them lower than other unofficial databases. After having changed their score long time ago, we have hardly received FP reports from our users containing SpamDomain hits anymore, so at least our hardly reporting FPs with them may be misleading. On our 3 parallel SA hosts with ClamAV, we have seen the hits below between Sun Sep 4 04:06:09 2011 and Thu Sep 8 22:12:57 2011. The thousands of hits with INetMsg SpamDomain-2m in those 5 days are somewhat exceptional: in the 3 weeks before that we had about 250 per host and week ... Best regards, wolfgang [host2] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | \ > awk -F "." '{print $1,$2}' | sort | uniq -c | sort 11 Sanesecurity Malware 16 Doppelstern Loan 196 Sanesecurity Junk 1 Doppelstern Lott 1 Sanesecurity Casino 1 Sanesecurity Dipl 1 Sanesecurity Rogue 1 Sanesecurity Stk 205 Sanesecurity Jurlbl 2511 INetMsg SpamDomain-2m 27 Doppelstern Junk 29 Sanesecurity Lott 3 Sanesecurity SpamAttach 44 Sanesecurity Spam 4 Sanesecurity Hdr 4 Sanesecurity Spear 51 Sanesecurity Phishing 65 Doppelstern Scam4 7 Sanesecurity ScamL 7 Sanesecurity SpearL 8259 INetMsg SpamDomain-2w 89 Sanesecurity Scam4 8 Sanesecurity SpamL 8 ScamNailer Phish [host3] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | awk -F "." '{print $1,$2}' | sort | uniq -c | sort 14 Doppelstern Loan 14 Sanesecurity SpearL 161 Sanesecurity Junk 17 Sanesecurity SpamL 1 MBL_234274 UNOFFICIAL 1 Sanesecurity Spam4 1 Sanesecurity SpamAttach 1 winnow phish 240 Sanesecurity Jurlbl 2416 INetMsg SpamDomain-2m 26 Sanesecurity Lott 27 Doppelstern Junk 2 Sanesecurity Casino 3 Sanesecurity Hdr 3 Sanesecurity Rogue 3 Sanesecurity Spear 40 Sanesecurity Spam 44 Sanesecurity Phishing 55 Doppelstern Scam4 5 Sanesecurity ScamL 7 Sanesecurity Malware 7 ScamNailer Phish 8176 INetMsg SpamDomain-2w 82 Sanesecurity Scam4 [host4] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | awk -F "." '{print $1,$2}' | sort | uniq -c | sort 10 Sanesecurity Malware 11 Sanesecurity ScamL 11 Sanesecurity SpamL 12 ScamNailer Phish 14 Doppelstern Loan 187 Sanesecurity Junk 19 Sanesecurity Lott 1 Doppelstern Phishing 1 Sanesecurity Casino 1 Sanesecurity Dipl 1 Sanesecurity Rogue 1 Sanesecurity Spam4 1 Sanesecurity Stk 1 winnow phish 222 Sanesecurity Jurlbl 2461 INetMsg SpamDomain-2m 2 Sanesecurity Spear 33 Doppelstern Junk 39 Sanesecurity Spam 51 Sanesecurity Phishing 59 Doppelstern Scam4 5 Sanesecurity Hdr 5 Sanesecurity SpamAttach 8204 INetMsg SpamDomain-2w 84 Sanesecurity Scam4 9 Sanesecurity SpearL