[unisog] SP*M Detection Methods & Processes

Mark Borrie mark.borrie at otago.ac.nz
Tue Sep 26 02:40:29 GMT 2006


A few years ago we went the commercial way with spam management. At 
that time we were finding that staff costs in tweaking SA were significant and 
didn't appear to be getting less. We went with Sophos PureMessage even 
though its cost has gone up significantly after Sophos took it over from 
Active State. (It seems to be easier to get capital funding than personnel).

Sophos claim a detection rate of 97% or better. I have no reason to suspect 
that this is not true. 

PureMessage is configured to update every 5 minutes.  This means that 
often a message that has gotten through overnight is detectable by the time 
I get in in the morning. Most spam emails don't even get onto campus due 
to the IP blocker service. (To date we have only had 2 complaints that we 
have not accepted legit email. We pointed out that they had 
misconfigured/hacked systems that needed fixing and they were happy).

Over the past week I have had 11 spam messages that got through. 5 are 
now classified as spam. None are image spams. The last image spam that I 
can see was on Sept 10.

Hope that answers Russell's question.


On 26 Sep 2006 at 12:00, Russell Fulton wrote:

> Spammers have now taken things to a new level and SA is not coping well.
> 
> One question I have (and it is one some of our managers are asking):
> Are commercial products doing any better?  If you have an army of people
> tweaking things on an hour by hour basis (like we now do with AV) you
> may be able to make some progress but it is going to be very expensive
> and in the end (I believe futile).
> 
> Anyway, I'd be interested in hearing from anyone who is using commercial
> products as to how they are coping with the current wave of image spam.
> 
> We are playing with fuzzyocr plugin but have not put it into production
> yet.  I view this as a short term stop gap as we have already seen
> images with obscured fonts...
> 
> Cheers, Russell



-- 
Mark Borrie
Information Security Manager,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409

