[sanesecurity] Re: Script update

  • From: Bill Landry <bill@xxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 08 Sep 2011 17:33:35 -0700

On 9/8/2011 1:36 PM, Wolfgang Zeikat wrote:
> Hi Bill and all,
>
> On 2011-08-28 01:50, Bill Landry wrote:
>> and since I rarely receive FP reports for
>> the INetMsg SpamDomains signature databases, I am considering
>> including one of them, as well.
>
> For the record: we had seen so many FPs with them after we had started
> to use them that we score them lower than other unofficial databases.
> After having changed their score a long time ago, we have hardly received
> FP reports from our users containing SpamDomain hits anymore, so at
> least our hardly reporting FPs with them may be misleading.

That's interesting, as I host one of the Sanesecurity rsync mirrors and see that the SpamDomain signature databases are being used by some of the largest US-based carriers/ISPs (and possibly several non-US-based as well - I just don't recognize their domain names), the 3rd largest company in the world (when I looked them up I found that they have 500,000 employees and have offices and are doing business in 192 countries), and some rather large universities. And it looks like these entities have been using them for quite some time and are reporting no issues.

> On our 3 parallel SA hosts with ClamAV, we have seen the hits below
> between
> Sun Sep  4 04:06:09 2011 and
> Thu Sep  8 22:12:57 2011.
>
> The thousands of hits with INetMsg SpamDomain-2m in those 5 days are
> somewhat exceptional: in the 3 weeks before that we had about 250 per
> host and week ...

Well, this really doesn't tell us anything, as the hit counts need to be correlated to overall hit rates from all other signature databases during that time frame, as well.

Anyway, thanks for the stats and feedback.

Bill
