23 Sep
2004
10:09 a.m.
Our system is similar, except we block port 25 completely via RADIUS after we detect an outgoing virus or spam,
Detect how?
We don't sniff traffic for suspicious signatures at this point. Viruses are eventually caught by the assumption that "send to everyone in the address book" eventually will hit an address on the same mail server. Quarantined viruses are categorized by local user and IP address to identify the sender from RADIUS accounting records. Spam is based only on reports - those Spamcop reports are acted on by some people!
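The lookup described above, tying a quarantined message's connecting IP address and time back to a subscriber through RADIUS accounting records, can be sketched as follows. This is an added example, not part of the original post or the poster's system; the record layout, function names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed accounting records: (time, Acct-Status-Type, Acct-Session-Id, User-Name, Framed-IP-Address)
ACCT = [
    ("2004-09-22 08:00:00", "Start", "s1", "alice", "192.0.2.10"),
    ("2004-09-22 09:30:00", "Stop",  "s1", "alice", "192.0.2.10"),
    ("2004-09-22 09:45:00", "Start", "s2", "bob",   "192.0.2.10"),  # same IP, reassigned
    ("2004-09-22 10:00:00", "Start", "s3", "carol", "192.0.2.11"),
    ("2004-09-22 11:00:00", "Stop",  "s3", "carol", "192.0.2.11"),
]

# Constructed quarantine entries: (time the mail server saw the message, connecting IP)
QUARANTINE = [
    ("2004-09-22 09:10:00", "192.0.2.10"),
    ("2004-09-22 10:05:00", "192.0.2.10"),
    ("2004-09-22 10:20:00", "192.0.2.11"),
    ("2004-09-22 09:40:00", "192.0.2.10"),  # falls in the gap between two sessions
]

def build_sessions(records):
    """Pair Start/Stop records by Acct-Session-Id into session dicts."""
    sessions = {}
    for ts, status, sid, user, ip in sorted(records):
        when = datetime.strptime(ts, FMT)
        if status == "Start":
            sessions[sid] = {"user": user, "ip": ip, "start": when, "stop": None}
        elif status == "Stop" and sid in sessions:
            sessions[sid]["stop"] = when
    return list(sessions.values())

def find_sender(sessions, ip, ts):
    """Return the User-Name that held `ip` at time `ts`, or None if no session matches."""
    when = datetime.strptime(ts, FMT)
    for s in sessions:
        # A session with no Stop record yet is treated as still open.
        if s["ip"] == ip and s["start"] <= when and (s["stop"] is None or when <= s["stop"]):
            return s["user"]
    return None

def senders_by_user(records, quarantine):
    sessions = build_sessions(records)
    counts = {}
    for ts, ip in quarantine:
        user = find_sender(sessions, ip, ts)  # None = could not be attributed
        counts[user] = counts.get(user, 0) + 1
    return counts

print(senders_by_user(ACCT, QUARANTINE))
```

Matching on the time window matters because dynamic addresses are reused: the same IP maps to different users before and after a reassignment, and an entry that falls between sessions is left unattributed rather than pinned on the nearest user.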