On 9/8/2011 1:36 PM, Wolfgang Zeikat wrote:
Hi Bill and all, On 2011-08-28 01:50, Bill Landry wrote:and since I rarely receive FP reports for the INetMsg SpamDomains signature databases, I am considering including one of them, as well.for the records: we had seen so many FPs with them after we had started to use them that we score them lower than other unofficial databases. After having changed their score long time ago, we have hardly received FP reports from our users containing SpamDomain hits anymore, so at least our hardly reporting FPs with them may be misleading.
That's interesting, as I host one of the Sanesecurity rsync mirrors and see that the SpamDomain signature databases are being used by some of the largest US based carrier/ISPs (and possibly several non-US based as well - I just don't recognize their domain names), the 3rd largest company in the world (when I looked them up I found that they have 500,000 employees and have offices and are doing business in 192 countries), and some rather large universities. And it looks like these entities have been using them for quite some time and are reporting no issues.
On our 3 parallel SA hosts with ClamAV, we have seen the hits below between Sun Sep 4 04:06:09 2011 and Thu Sep 8 22:12:57 2011. The thousands of hits with INetMsg SpamDomain-2m in those 5 days are somewhat exceptional: in the 3 weeks before that we had about 250 per host and week ...
Well, this really doesn't tell us anything as the hit counts need to be correlated to overall hit rates from all other signatures database during that time frame, as well.
Anyway, thanks for the stats and feedback. Bill