Re: SBS 2008 and antivirus



In article <399E1972-827B-4980-A6FB-4204687FDDF0@xxxxxxxxxxxxx>,
SteveSchwab@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> Hope it's OK to barge in on this thread. Leythos, you recommended the UTM
> solution to me a while back. I've just installed a watchguard edge and it's
> working great. Can you recommend settings for email filtering? What do you do
> for "confirmed" "bulk" and "suspect". Do you deny, quarantine, or add subject
> tag? Have you seen many false positives?
>
> I'm super impressed with Watchguard. It was easy to set up and it's
> obviously much better than the old Linksys wrt54 we were using before. Thanks
> for the recommendation.

During the first week we MARK (add subject) to all categories and email
the user at 2AM (default setting) each list. At the end of the week we
determine if any were mismarked and create exceptions for them.

After the 1 week period we "DELETE" "Confirmed" and "Bulk" and
Quarantine "Suspect" spam - the Suspect spam is part of the nightly
email status for each user, they can unquarantine as needed - so far
we've not had more than 2 or 3 emails from thousands of accounts that
had to release anything from quarantine.

As for false positives - the only time we get a "False" is when a
customer forwards us something from one of their business partners that
is a question about an attached email being spam/a threat - since we
don't white-list all of our customers, when they forward us a SPAM from
someone they wanted white-listed our system detects it as spam.

I have seen no confirmed false positives, and I've seen no deleted
emails that were improperly classified - we have hundreds of thousands
of emails per week across many clients using this, I would think there
would be at least a few complaints, but we're not hearing any since
moving from GFI to WG UTM.

We also filter content out of SMTP sessions, blocking (removing)
anything that could be malicious.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)