[Snort-sigs] email spammer sigs?

Matt Kettler mkettler at ...189...
Tue Dec 2 13:53:08 EST 2003

At 03:57 PM 12/2/2003, Jason Haar wrote:
>What you need to do (IMHO) is to policy route all Internet-bound TCP
>port 25 traffic to your own mail server(s), upon which you virus/SPAM
>scan. That way you catch it all.

That's pretty much exactly what I do here...

It's also quite effective at preventing the embarrassing situation of 
having to apologize to another admin when one of your users gets a virus on 
his machine and it starts spewing viruses...

If your firewall is set up right, all outbound mail can only go via the 
outbound MX, which virus scans everything. They can't directly deliver, and 
if your scanner is up-to-date, it will catch the outbound viruses and 
quarantine them as they pass through the outbound MX.

>There are several products to do this, some commercial, and OS ones like
>Qmail-Scanner (ahem), MailScanner and amavis - all of which do both
>virus and spam scanning.

Yep, and they all work well.. I use MailScanner here. 

More information about the Snort-sigs mailing list