Micah Anderson wrote:
> reject_rbl_client list.dsbl.org,

DSBL has shut down, and you should remove the query from your list. It
won't help with the phishing, but it'll free up some network resources.
Info: http://dsbl.org/node/3

> I've got clamav pulling signatures updated once a day from sanesecurity
> (phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx,
> securesiteinfo) and Malware Black List, MSRBL (images, spam).

Odd, ClamAV + SaneSecurty does a really good job here at blocking phish
before they even get to SpamAssassin. We call clamd through MIMEDefang,
then call SpamAssassin (also through MimeDefang) if a message passes.

Have you verified that Clam is using the SaneSecurity signatures? How
are you calling ClamAV?

Kelson Vibber
SpeedGate Communications